# Bad Virus, badly infected PC, PLEASE HELP

## theFAst0ne (Apr 16, 2009)

My PC (Dell Inspiron 1420, Vista Service Pack 2) seems to be badly infected. My webpages are redirected, the CPU is overloaded, RAM is too full, and it crashes from time to time. Now random audio is playing (not all the time) even though there are no programs running! There was also a program called "Security Protection" running, and it looked like Microsoft software, but it was closing anything I opened. But I managed to delete the file location for the software. Antivirus (Microsoft Security Essentials) picks up nothing, please help!

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:19:45, on 2011/08/14
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\taskeng.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=ae&l=ar&s=gen
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Softonic-Eng7 - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Matthew.davidp54-PC\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_MTN Online] "C:\Program Files\MTN [email protected]\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-18\..\Run: [8DDYX0ZBPZ] C:\Windows\TEMP\Zgl.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [8DDYX0ZBPZ] C:\Windows\TEMP\Zgl.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\xnbcyf\setup.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Update Service (gupdate1c9cca6668a0886) (gupdate1c9cca6668a0886) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15641 bytes

DDS:
.
DDS (Ver_2011-06-23.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Matthew at 23:53:57 on 2011-08-13
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.27.1033.18.2045.178 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\TEMP\xnbcyf\setup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\ProgramData\DatacardService\DCService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\STacSV.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Windows\TEMP\Zgm.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Users\Matthew.davidp54-PC\AppData\Roaming\MTN Online\ouc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\IObit\Advanced SystemCare 4\Asc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IObit\Advanced SystemCare 4\DiskScan.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\TEMP\Zgk.exe
C:\Program Files\Dell Support Center\pcdrcui.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell Support Center\pcdrsysinfosoftware.p5x
C:\Program Files\Dell Support Center\pcdrsysinfoperipheral.p5x
C:\Program Files\Dell Support Center\pcdrsysinfocpu_x86.p5x
C:\Program Files\Dell Support Center\pcdrsysinfocommunication.p5x
C:\Program Files\Dell Support Center\pcdrsysinfovideocapture.p5x
C:\Program Files\Dell Support Center\pcdrsysinfobluetooth.p5x
C:\Program Files\Dell Support Center\pcdrsysinfostorage.p5x
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=ae&l=ar&s=gen
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.5\iobitToolbarIE.dll
uURLSearchHooks: H - No File
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof2.dll
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof2.dll
BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.5\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof2.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof2.dll
TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.5\iobitToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [googletalk] c:\users\matthew.davidp54-pc\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [HW_OPENEYE_OUC_MTN Online] "c:\program files\mtn [email protected]\updatedog\ouc.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\matthew.davidp54-pc\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Security Protection] c:\programdata\defender.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
dRun: [8DDYX0ZBPZ] c:\windows\temp\Zgl.exe
dRunOnce: [<NO NAME>] 
mExplorerRun: [<NO NAME>] 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: google.com\mail
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1D21550B-AB6F-47E4-B702-D36C376DE28D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{54B357F9-7FCB-4D73-9059-CE808AB1A8DC} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CDE71F3A-62CB-4933-A4DA-49227825A9B3} : DhcpNameServer = 10.0.0.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R? A5AGU;D-Link USB Wireless Network Adapter Service
R? AMService;AMService
R? ATHFMWDL;D-Link predator Bootloader driver
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? gupdate1c9cca6668a0886;Google Update Service (gupdate1c9cca6668a0886)
R? gupdatem;Google Update Service (gupdatem)
R? HTCAND32;HTC Device Driver
R? htcnprot;HTC NDIS Protocol Driver
R? MpKsl0d798752;MpKsl0d798752
R? MpKsl1beafc06;MpKsl1beafc06
R? MpKsl61caa5ad;MpKsl61caa5ad
R? MpKsl71ee565a;MpKsl71ee565a
R? MpKsl8ab4f3a7;MpKsl8ab4f3a7
R? MpKsl8c564650;MpKsl8c564650
R? MpKsl8e6bfa64;MpKsl8e6bfa64
R? MpKslc4771124;MpKslc4771124
R? MpKslc5ca38be;MpKslc5ca38be
R? MpKsldbdb1bde;MpKsldbdb1bde
R? MpKsldd116bb1;MpKsldd116bb1
R? MpKsle1a2c4fa;MpKsle1a2c4fa
R? MpKslecb33c4a;MpKslecb33c4a
R? MpNWMon;Microsoft Malware Protection Network Driver
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft Network Inspection
R? nmwcdnsu;Nokia USB Flashing Phone Parent
R? nmwcdnsuc;Nokia USB Flashing Generic
R? s115bus;Sony Ericsson Device 115 driver (WDM)
R? s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter
R? s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver
R? s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
R? s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface
R? SBSDWSCService;SBSD Security Center Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
R? WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340)
R? WSDPrintDevice;WSD Print Support via UMB
R? WSDScan;WSD Scan Support via UMB
S? AdvancedSystemCareService;Advanced SystemCare Service
S? AESTFilters;Andrea ST Filters Service
S? Application Updater;Application Updater
S? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
S? DCService.exe;DCService.exe
S? DockLoginService;Dock Login Service
S? FileMonitor;FileMonitor
S? FontCache;Windows Font Cache Service
S? huawei_enumerator;huawei_enumerator
S? IMFservice;IMF Service
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsl2e7d0f26;MpKsl2e7d0f26
S? PassThru Service;Internet Pass-Through Service
S? RegFilter;RegFilter
S? SftService;SoftThinks Agent Service
S? SmartDefragDriver;SmartDefragDriver
S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
S? UrlFilter;UrlFilter
.
=============== Created Last 30 ================
.
2011-08-13 22:41:45	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-08-13 22:41:45	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-08-13 22:12:49	28752	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{0d93d0f9-0c86-46fc-a1b7-6efc5cb35539}\MpKsl2e7d0f26.sys
2011-08-10 19:09:45	--------	d-----w-	c:\users\matthew.davidp54-pc\appdata\local\MagicSoftware
2011-08-10 19:09:35	--------	d-----w-	c:\programdata\MagicSoftware
2011-08-10 18:51:03	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
2011-08-10 18:12:55	65024	--sha-r-	c:\windows\system32\mswmdma.dll
2011-08-09 20:22:01	6881616	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{0d93d0f9-0c86-46fc-a1b7-6efc5cb35539}\mpengine.dll
2011-08-09 20:17:35	2409784	----a-w-	c:\program files\windows mail\OESpamFilter.dat
2011-08-09 18:41:15	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-08-09 18:41:14	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-09 18:40:56	913296	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-08-09 18:40:56	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2011-08-09 18:28:24	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-08-09 18:28:08	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 08:31:34	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 22:26:18	293376	----a-w-	c:\windows\system32\browserchoice.exe
2011-08-05 10:48:31	116736	----a-w-	c:\windows\system32\drivers\mcdbus.sys
2011-07-27 13:22:27	6881616	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-07-21 11:58:57	--------	d-----w-	c:\program files\iPod
2011-07-21 11:58:55	--------	d-----w-	c:\program files\iTunes
2011-07-21 11:56:41	--------	d-----w-	c:\program files\Bonjour
2011-07-17 12:39:46	--------	d-----w-	c:\program files\Application Updater
2011-07-17 12:39:45	--------	d-----w-	c:\program files\IObit Toolbar
.
==================== Find3M ====================
.
2011-08-09 18:27:34	1126912	----a-w-	c:\windows\system32\wininet.dll
2011-08-09 18:27:32	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-08-09 18:27:30	1797632	----a-w-	c:\windows\system32\jscript9.dll
2011-07-13 12:47:52	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-07-13 12:47:26	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-07-13 12:46:43	508416	----a-w-	c:\windows\system32\drivers\bthport.sys
2011-07-13 12:46:43	30208	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2011-07-12 09:20:54	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20:54	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-05-24 17:14:10	222080	------w-	c:\windows\system32\MpSigStub.exe
.
============= FINISH: 0:09:01.93 ===============

Couldn't download GMER.

Please post if you need any more info.


----------



## kevinf80 (Mar 21, 2006)

Hiya theFAst0ne,

Run the following :-

*Step 1*

Please download *Rkill* and save to your Desktop.

Double-click on the Rkill desktop icon to run the tool.
_If using Vista or Windows 7 right-click on it and Run As Administrator_.
A *black DOS box* will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use *Link 1* from the following list and so on in sequential order until one runs successfully.
*Link 1*

*Link 2*

*Link 3*

*Link 4*

*Link 5*

*Link 6*

A log pops up at the end of the run. This log file is also located at C:\rkill.log. Please post this log in your reply.
If you get an alert from your *own* Security Program, accept it and allow Rkill to run, it is very safe and will not harm your system.
If the alert is from the Infection Malware program (you'll know by the name) leave the alert open and run the same Rkill version again. You may have to run it several times, it may take up to 9 to work.
If the tool does not run from any of the links provided, please let me know.

*Step 2*

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

*Link 1*
*Link 2*


 Ensure that Combofix is saved directly to the Desktop *<--- Very important*

Before saving Combofix to the Desktop re-name to Gotcha.exe as below:


 Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available *Here* if required.

 If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

*******Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze* ******

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal.
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the logs in next reply please...

Kevin


----------



## theFAst0ne (Apr 16, 2009)

rkill:

This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you. 
Otherwise you can close this log when you wish.

Rkill was run on 2011/08/14 at 22:00:01. 
Operating System: Windows Vista (TM) Home Premium

Processes terminated by Rkill or while it was running:

C:\ProgramData\DatacardService\DCService.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Users\Matthew.davidp54-PC\AppData\Roaming\MTN Online\ouc.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matthew.davidp54-PC\AppData\Local\Google\Chrome\Application\chrome.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE

Rkill completed on 2011/08/14 at 22:00:38.

ComboFix:

ComboFix 11-08-15.06 - Matthew 2011/08/14 22:35:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.27.1033.18.2045.1080 [GMT 1:00]
Running from: c:\users\Matthew.davidp54-PC\Desktop\gotcha.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5830\Downloads\652c72d6-ea41-4060-96f7-060298329393.dll
c:\programdata\PCDr\5830\Downloads\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\programdata\PCDr\5830\Downloads\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll
c:\programdata\PCDr\5830\Downloads\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
c:\windows\system32\msconfig.exe
c:\windows\system32\system
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-14 22:00 . 2011-08-14 22:01	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Local\temp
2011-08-14 22:00 . 2011-08-14 22:00	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2011-08-14 22:00 . 2011-08-14 22:00	--------	d-----w-	c:\users\Giovanna\AppData\Local\temp
2011-08-14 22:00 . 2011-08-14 22:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-08-14 22:00 . 2011-08-14 22:00	--------	d-----w-	c:\users\davidp54\AppData\Local\temp
2011-08-14 09:11 . 2011-08-14 09:12	--------	d-----w-	C:\3af0a8e7e6fc3b274e9061
2011-08-13 22:58 . 2011-08-13 22:58	388096	----a-r-	c:\users\Matthew.davidp54-PC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-13 22:58 . 2011-08-13 22:58	--------	d-----w-	c:\program files\Trend Micro
2011-08-13 22:41 . 2011-08-13 23:33	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-08-13 22:41 . 2011-08-13 22:42	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-08-12 14:17 . 2011-08-12 14:17	--------	d-----w-	c:\users\Giovanna\AppData\Local\Apps
2011-08-12 14:17 . 2011-08-12 14:17	--------	d-----w-	c:\users\Giovanna\AppData\Local\Deployment
2011-08-12 14:11 . 2011-08-12 14:11	--------	d-----w-	c:\users\Giovanna\AppData\Roaming\IObit
2011-08-12 14:10 . 2011-08-12 14:11	--------	d-----w-	c:\users\Giovanna\AppData\Roaming\HTC
2011-08-10 19:09 . 2011-08-10 19:09	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Local\MagicSoftware
2011-08-10 19:09 . 2011-08-10 19:09	--------	d-----w-	c:\programdata\MagicSoftware
2011-08-10 18:51 . 2011-08-10 18:51	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
2011-08-10 18:12 . 2011-08-10 18:12	65024	--sha-r-	c:\windows\system32\mswmdma.dll
2011-08-09 20:17 . 2011-06-06 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 18:41 . 2011-08-09 18:41	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-08-09 18:41 . 2011-08-09 18:41	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-09 18:40 . 2011-08-09 18:40	913296	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-08-09 18:40 . 2011-08-09 18:40	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2011-08-09 18:28 . 2011-08-09 18:28	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-08-09 18:28 . 2011-08-09 18:28	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 08:31 . 2011-08-09 08:31	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 22:26 . 2010-02-12 10:32	293376	----a-w-	c:\windows\system32\browserchoice.exe
2011-08-05 10:48 . 2009-02-24 16:42	116736	----a-w-	c:\windows\system32\drivers\mcdbus.sys
2011-07-21 11:58 . 2011-07-21 11:58	--------	d-----w-	c:\program files\iPod
2011-07-21 11:58 . 2011-07-21 11:59	--------	d-----w-	c:\program files\iTunes
2011-07-21 11:56 . 2011-07-21 11:56	--------	d-----w-	c:\program files\Bonjour
2011-07-17 12:39 . 2011-07-17 12:39	--------	d-----w-	c:\program files\Application Updater
2011-07-17 12:39 . 2011-07-17 12:39	--------	d-----w-	c:\program files\IObit Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 12:47 . 2011-07-13 12:47	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-07-13 12:47 . 2011-07-13 12:47	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-07-13 12:46 . 2011-07-13 12:46	508416	----a-w-	c:\windows\system32\drivers\bthport.sys
2011-07-13 12:46 . 2011-07-13 12:46	30208	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2011-07-12 09:20 . 2011-07-12 09:20	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-05-24 17:14 . 2010-07-25 11:39	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-04-14 16:41 . 2011-05-01 09:55	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26	3908192	----a-w-	c:\program files\ConduitEngine\ConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-05-09 09:49	176936	----a-w-	c:\program files\Softonic-Eng7\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-10-18 3908192]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin0.dll" [2010-10-18 3908192]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"googletalk"="c:\users\Matthew.davidp54-PC\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HW_OPENEYE_OUC_MTN Online"="c:\program files\MTN [email protected]\UpdateDog\ouc.exe" [2010-03-16 110592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-01-07 288872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-07-20 4393816]
.
c:\users\Giovanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Matthew.davidp54-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R1 MpKsl0d798752;MpKsl0d798752;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F5449B6-E093-4B48-848E-650FCA25E35B}\MpKsl0d798752.sys [x]
R1 MpKsl1beafc06;MpKsl1beafc06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F00CF970-42FB-4166-8B30-9FB3E5965F43}\MpKsl1beafc06.sys [x]
R1 MpKsl61caa5ad;MpKsl61caa5ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D93D0F9-0C86-46FC-A1B7-6EFC5CB35539}\MpKsl61caa5ad.sys [x]
R1 MpKsl71ee565a;MpKsl71ee565a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E7A114F-523C-46E8-9CE8-B8D2E1AE05B5}\MpKsl71ee565a.sys [x]
R1 MpKsl8ab4f3a7;MpKsl8ab4f3a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{292A3D70-6242-4E29-A96F-A8F2D56F087D}\MpKsl8ab4f3a7.sys [x]
R1 MpKsl8c564650;MpKsl8c564650;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32D6E33A-D96F-4B28-A931-D4C81AA2FFE9}\MpKsl8c564650.sys [x]
R1 MpKsl8e6bfa64;MpKsl8e6bfa64;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40D6A1A1-3D0A-46D3-A1FB-6A7A48032C0D}\MpKsl8e6bfa64.sys [x]
R1 MpKslc4771124;MpKslc4771124;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA1C585E-ABCA-4ACB-A94B-CC7C708204A5}\MpKslc4771124.sys [x]
R1 MpKslc5ca38be;MpKslc5ca38be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKslc5ca38be.sys [x]
R1 MpKsldbdb1bde;MpKsldbdb1bde;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKsldbdb1bde.sys [x]
R1 MpKsldd116bb1;MpKsldd116bb1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKsldd116bb1.sys [x]
R1 MpKsle1a2c4fa;MpKsle1a2c4fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98497323-F18C-4231-831C-1493AEB3666A}\MpKsle1a2c4fa.sys [x]
R1 MpKslecb33c4a;MpKslecb33c4a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E7A114F-523C-46E8-9CE8-B8D2E1AE05B5}\MpKslecb33c4a.sys [x]
R2 AMService;AMService;c:\windows\TEMP\xnbcyf\setup.exe run [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
R2 gupdate1c9cca6668a0886;Google Update Service (gupdate1c9cca6668a0886);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2004-10-06 283904]
R3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2004-10-04 43392]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-07-20 820568]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [2011-07-11 18768]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 72832]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [2011-03-22 30600]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [2011-03-22 19280]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ BthServ
WindowsMobile	REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ WcesComm RapiMgr
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 10:52]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 10:52]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1000Core.job
- c:\users\davidp54\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 08:17]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1000UA.job
- c:\users\davidp54\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 08:17]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1003Core.job
- c:\users\Matthew.davidp54-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-20 05:51]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1003UA.job
- c:\users\Matthew.davidp54-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-20 05:51]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1005Core.job
- c:\users\Giovanna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-12 14:17]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1005UA.job
- c:\users\Giovanna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-12 14:17]
.
2011-08-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-08-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
FF - ProfilePath - 
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-MagicDisc 2.7.106 - c:\progra~1\MAGICD~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-14 23:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"=hex:51,66,7a,6c,4c,1d,38,12,f3,6e,58,
45,a7,04,e3,0b,ca,a7,57,dd,d7,87,7f,a7
"{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}"=hex:51,66,7a,6c,4c,1d,38,12,07,04,c9,
0f,40,b3,9a,0c,ed,70,a2,bb,05,11,09,9b
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}"=hex:51,66,7a,6c,4c,1d,38,12,2e,fd,ed,
e4,cb,b5,c0,07,c5,4e,3a,0c,a2,bd,bf,47
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{0E797919-F964-4628-A1D9-1E21894E52F5}"=hex:51,66,7a,6c,4c,1d,38,12,77,7a,6a,
0a,56,b7,46,03,de,cf,5d,61,8c,10,16,e1
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:07,37,8f,7b,8e,57,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,c3,47,a6,db,ca,28,46,ae,5c,ff,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,c3,47,a6,db,ca,28,46,ae,5c,ff,\
.
[HKEY_USERS\S-1-5-21-2226694355-1947302505-974820688-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-14 23:12:17
ComboFix-quarantined-files.txt 2011-08-14 22:11
.
Pre-Run: 74*440*007*680 bytes free
Post-Run: 74*506*780*672 bytes free
.
- - End Of File - - A6F28E2A92E2475D3086383D327C72FF


----------



## kevinf80 (Mar 21, 2006)

Continue as follows please:

*Step 1*

I need you to shut off Spybot's TeaTimer as it will interfere with any tools we try to run:

1) Open Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Leave TeaTimer off until told otherwise.

*Step 2*

Uninstall the following (if present):

*Advanced SystemCare*
*IObit*
*SmartDefrag*

*Step 3*

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
ClearJavaCache::
KillAll::
File::
c:\windows\system32\ConduitEngine.tmp
c:\windows\System32\Drivers\SmartDefrag Driver.sys
Folder::
c:\users\Giovanna\AppData\Roaming\IObit
c:\program files\IObit Toolbar
c:\program files\ConduitEngine
Driver::
SmartDefragDriver
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
```
Save this as *CFScript.txt*, with Type set to *All Files (\*.\*)*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

*Step 4*

*Upload a File to Virustotal*
Please visit *Virustotal*

1. Click the *Browse...* button
2. Navigate to the file *c:\windows\system32\mswmdma.dll*
3. Click the *Open* button
4. Click the *Send* button
5. If you get a message saying *File has already been analyzed*, click *Reanalyze file now*
6. Copy and paste the results back here please.

Let me see the log from ComboFix and the results from VirusTotal in your next reply.

Kevin
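
The triage Kevin is doing by eye in this post, picking out a freshly created DLL in system32 for a VirusTotal check, can be partly automated when reading ComboFix logs. The script below is an added example written for this thread; it is not code from ComboFix, from the forum, or from either poster. It parses lines in the shape of the "Files Created" and "Drivers/Services" sections of the ComboFix log and flags three things a helper would want to look at first: a new file under c:\windows carrying both the system and hidden attributes (the follow-up log in this thread lists mswmdma.dll as `--sha-r-`), a service whose image lives in a temp folder (the log's AMService entry under c:\windows\TEMP), and a service whose image ComboFix could not find. The sample lines are constructed to match those shapes; my reading of the attribute columns (index 2 = system, index 3 = hidden) and of the trailing `[x]` (image file not found) is an assumption, not something the page documents.

```python
"""Flag suspicious entries in ComboFix-style log lines.

Added example for this thread; not code from ComboFix, the forum, or any poster.
Column meanings are assumptions, see the comments below.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample lines modelled on the "Files Created" and "Drivers/Services"
# sections of the ComboFix log posted later in this thread. Fields are separated
# by runs of spaces here; the real log uses tabs, which the regexes accept too.
SAMPLE_LOG = r"""
2011-08-10 18:51 . 2011-08-10 18:51  0        ----a-w-  c:\windows\system32\ConduitEngine.tmp
2011-08-10 18:12 . 2011-08-10 18:12  65024    --sha-r-  c:\windows\system32\mswmdma.dll
2011-08-09 18:41 . 2011-08-09 18:41  3602832  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2011-08-14 22:32 . 2011-08-14 22:32  -------- d--h--w-  c:\programdata\Common Files
R2 AMService;AMService;c:\windows\TEMP\xnbcyf\setup.exe run [x]
R2 gupdate1c9cca6668a0886;Google Update Service (gupdate1c9cca6668a0886);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
"""

# "<created> . <modified> <size-or-dashes> <8-char attribute field> <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)
# "<R|S><n> <service name>;<display name>;<image path> [<date size> | x]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?\.(?:exe|sys|dll))(?P<rest>.*)$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    kind: str    # short machine-readable tag
    path: str    # file or image path the finding concerns
    reason: str  # human-readable explanation


def attr_flags(attrs: str) -> dict:
    """Decode the 8-character attribute field.

    Assumed layout (my reading of the log, not documented on the page):
    index 0 'd' = directory, 2 's' = system, 3 'h' = hidden, 4 'a' = archive,
    6 'r'/'w' = read-only / writable.
    """
    return {
        "directory": attrs[0] == "d",
        "system": attrs[2] == "s",
        "hidden": attrs[3] == "h",
        "readonly": attrs[6] == "r",
    }


def triage_file(m: "re.Match") -> List[Finding]:
    path = m.group("path")
    flags = attr_flags(m.group("attrs"))
    out = []
    # A freshly created non-directory with both system and hidden set under
    # c:\windows is unusual and worth a second look (cf. mswmdma.dll above).
    if flags["system"] and flags["hidden"] and not flags["directory"] \
            and path.lower().startswith("c:\\windows\\"):
        out.append(Finding("hidden-system-file", path,
                           "new hidden+system file under the Windows directory"))
    return out


def triage_service(m: "re.Match") -> List[Finding]:
    path = m.group("path")
    rest = m.group("rest")
    out = []
    # Legitimate services do not start from a temp folder.
    if re.search(r"\\temp\\", path, re.IGNORECASE):
        out.append(Finding("service-from-temp", path,
                           f"service {m.group('name')} starts from a temp directory"))
    # ComboFix prints [x] where it could not find the image file (assumed meaning).
    if "[x]" in rest:
        out.append(Finding("service-image-missing", path,
                           f"service {m.group('name')} points at a missing image"))
    return out


def triage(log_text: str) -> List[Finding]:
    """Run every recogniser over each line and collect the findings."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := FILE_RE.match(line)):
            findings.extend(triage_file(m))
        elif (m := SERVICE_RE.match(line)):
            findings.extend(triage_service(m))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}: {f.reason}")
```

These are prompts for a closer look, not verdicts: in the follow-up log in this thread the MpKsl* definition-update drivers from Microsoft Antimalware also carry `[x]`, so "image missing" on its own says only that the path is stale. The value is in the combination, as with AMService, which is both started from c:\windows\TEMP and missing its image.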


----------



## theFAst0ne (Apr 16, 2009)

ComboFix:

ComboFix 11-08-15.06 - Matthew 2011/08/15 9:48.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.27.1033.18.2045.1126 [GMT 1:00]
Running from: c:\users\Matthew.davidp54-PC\Desktop\gotcha.exe
Command switches used :: c:\users\Matthew.davidp54-PC\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\ConduitEngine.tmp"
"c:\windows\System32\Drivers\SmartDefrag Driver.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngin0.dll
c:\program files\ConduitEngine\ConduitEngin1.dll
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineHelper1.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\toolbar.cfg
c:\program files\IObit Toolbar
c:\program files\IObit Toolbar\FF\chrome.manifest
c:\program files\IObit Toolbar\FF\chrome\content\chevron.js
c:\program files\IObit Toolbar\FF\chrome\content\chevron.xul
c:\program files\IObit Toolbar\FF\chrome\content\login.js
c:\program files\IObit Toolbar\FF\chrome\content\login.xul
c:\program files\IObit Toolbar\FF\chrome\content\parser.js
c:\program files\IObit Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\IObit Toolbar\FF\chrome\content\searchbox.js
c:\program files\IObit Toolbar\FF\chrome\content\searchbox.xul
c:\program files\IObit Toolbar\FF\chrome\content\utils.js
c:\program files\IObit Toolbar\FF\chrome\content\widgichevron.js
c:\program files\IObit Toolbar\FF\chrome\content\widgicomm.js
c:\program files\IObit Toolbar\FF\chrome\content\widgihandling.js
c:\program files\IObit Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\IObit Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\IObit Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\IObit Toolbar\FF\chrome\content\widgiui.js
c:\program files\IObit Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\IObit Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\IObit Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\IObit Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\IObit Toolbar\FF\chrome\skin\amazon.gif
c:\program files\IObit Toolbar\FF\chrome\skin\chevron.gif
c:\program files\IObit Toolbar\FF\chrome\skin\ebay.gif
c:\program files\IObit Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\IObit Toolbar\FF\chrome\skin\iobit_logo.gif
c:\program files\IObit Toolbar\FF\chrome\skin\iobit_logo_hover.gif
c:\program files\IObit Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\IObit Toolbar\FF\chrome\skin\search-button.gif
c:\program files\IObit Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\IObit Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\IObit Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\IObit Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\IObit Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\IObit Toolbar\FF\chrome\skin\searchbox.css
c:\program files\IObit Toolbar\FF\chrome\skin\security.gif
c:\program files\IObit Toolbar\FF\chrome\skin\splitter.gif
c:\program files\IObit Toolbar\FF\chrome\skin\system.gif
c:\program files\IObit Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\IObit Toolbar\FF\install.rdf
c:\program files\IObit Toolbar\IE\4.5\config.ini
c:\program files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
c:\program files\IObit Toolbar\Res\amazon.gif
c:\program files\IObit Toolbar\Res\ebay.gif
c:\program files\IObit Toolbar\Res\icon_settings.gif
c:\program files\IObit Toolbar\Res\iobit_logo.gif
c:\program files\IObit Toolbar\Res\iobit_logo_hover.gif
c:\program files\IObit Toolbar\Res\search-button-hover.gif
c:\program files\IObit Toolbar\Res\search-button.gif
c:\program files\IObit Toolbar\Res\search-chevron-hover.gif
c:\program files\IObit Toolbar\Res\search-chevron.gif
c:\program files\IObit Toolbar\Res\search_amazon.gif
c:\program files\IObit Toolbar\Res\search_ebay.gif
c:\program files\IObit Toolbar\Res\search_yahoo.gif
c:\program files\IObit Toolbar\Res\security.gif
c:\program files\IObit Toolbar\Res\system.gif
c:\program files\IObit Toolbar\Res\widgets.xml
c:\program files\IObit Toolbar\WidgiHelper.exe
c:\programdata\PCDr\5830\Downloads\652c72d6-ea41-4060-96f7-060298329393.dll
c:\programdata\PCDr\5830\Downloads\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll
c:\programdata\PCDr\5830\Downloads\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
c:\users\Giovanna\AppData\Roaming\IObit
c:\users\Giovanna\AppData\Roaming\IObit\IObit Malware Fighter\config.ini
c:\users\Giovanna\AppData\Roaming\IObit\IObit Malware Fighter\ignore.ini
c:\users\Giovanna\AppData\Roaming\IObit\IObit Malware Fighter\remember.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SMARTDEFRAGDRIVER
.
.
((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))
.
.
2011-08-15 09:05 . 2011-08-15 09:11	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Local\temp
2011-08-15 09:05 . 2011-08-15 09:05 --------	d-----w-	c:\users\Guest\AppData\Local\temp
2011-08-15 09:05 . 2011-08-15 09:05	--------	d-----w-	c:\users\Giovanna\AppData\Local\temp
2011-08-15 09:05 . 2011-08-15 09:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-08-15 09:05 . 2011-08-15 09:05	--------	d-----w-	c:\users\davidp54\AppData\Local\temp
2011-08-14 22:33 . 2011-08-14 22:33	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Roaming\AVG10
2011-08-14 22:32 . 2011-08-14 22:32	--------	d--h--w-	c:\programdata\Common Files
2011-08-14 22:29 . 2011-08-15 08:27	--------	d-----w-	c:\programdata\AVG10
2011-08-14 22:29 . 2011-08-15 08:18	--------	d-----w-	c:\windows\system32\drivers\AVG
2011-08-14 22:21 . 2011-08-15 08:19	--------	d-----w-	c:\programdata\MFAData
2011-08-14 09:11 . 2011-08-14 09:12	--------	d-----w-	C:\3af0a8e7e6fc3b274e9061
2011-08-13 22:58 . 2011-08-13 22:58	388096	----a-r-	c:\users\Matthew.davidp54-PC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-13 22:58 . 2011-08-13 22:58	--------	d-----w-	c:\program files\Trend Micro
2011-08-13 22:41 . 2011-08-13 23:33	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-08-13 22:41 . 2011-08-13 22:42	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-08-12 14:17 . 2011-08-12 14:17	--------	d-----w-	c:\users\Giovanna\AppData\Local\Apps
2011-08-12 14:17 . 2011-08-12 14:17	--------	d-----w-	c:\users\Giovanna\AppData\Local\Deployment
2011-08-12 14:10 . 2011-08-12 14:11	--------	d-----w-	c:\users\Giovanna\AppData\Roaming\HTC
2011-08-10 19:09 . 2011-08-10 19:09	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Local\MagicSoftware
2011-08-10 19:09 . 2011-08-10 19:09	--------	d-----w-	c:\programdata\MagicSoftware
2011-08-10 18:51 . 2011-08-10 18:51	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
2011-08-10 18:12 . 2011-08-10 18:12	65024	--sha-r-	c:\windows\system32\mswmdma.dll
2011-08-09 20:17 . 2011-06-06 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 18:41 . 2011-08-09 18:41	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-08-09 18:41 . 2011-08-09 18:41	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-09 18:40 . 2011-08-09 18:40	913296	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-08-09 18:40 . 2011-08-09 18:40	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2011-08-09 18:28 . 2011-08-09 18:28	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-08-09 18:28 . 2011-08-09 18:28	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 08:31 . 2011-08-09 08:31	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 22:26 . 2010-02-12 10:32	293376	----a-w-	c:\windows\system32\browserchoice.exe
2011-08-05 10:48 . 2009-02-24 16:42	116736	----a-w-	c:\windows\system32\drivers\mcdbus.sys
2011-07-21 11:58 . 2011-07-21 11:58	--------	d-----w-	c:\program files\iPod
2011-07-21 11:58 . 2011-07-21 11:59	--------	d-----w-	c:\program files\iTunes
2011-07-21 11:56 . 2011-07-21 11:56	--------	d-----w-	c:\program files\Bonjour
2011-07-17 12:39 . 2011-07-17 12:39	--------	d-----w-	c:\program files\Application Updater
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 12:47 . 2011-07-13 12:47	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-07-13 12:47 . 2011-07-13 12:47	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-07-13 12:46 . 2011-07-13 12:46	508416	----a-w-	c:\windows\system32\drivers\bthport.sys
2011-07-13 12:46 . 2011-07-13 12:46	30208	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2011-07-12 09:20 . 2011-07-12 09:20	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-05-24 17:14 . 2010-07-25 11:39	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-04-14 16:41 . 2011-05-01 09:55	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-05-09 09:49	176936	----a-w-	c:\program files\Softonic-Eng7\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"googletalk"="c:\users\Matthew.davidp54-PC\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HW_OPENEYE_OUC_MTN Online"="c:\program files\MTN [email protected]\UpdateDog\ouc.exe" [2010-03-16 110592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-01-07 288872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\Giovanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Matthew.davidp54-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R1 MpKsl0d798752;MpKsl0d798752;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F5449B6-E093-4B48-848E-650FCA25E35B}\MpKsl0d798752.sys [x]
R1 MpKsl1beafc06;MpKsl1beafc06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F00CF970-42FB-4166-8B30-9FB3E5965F43}\MpKsl1beafc06.sys [x]
R1 MpKsl61caa5ad;MpKsl61caa5ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D93D0F9-0C86-46FC-A1B7-6EFC5CB35539}\MpKsl61caa5ad.sys [x]
R1 MpKsl71ee565a;MpKsl71ee565a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E7A114F-523C-46E8-9CE8-B8D2E1AE05B5}\MpKsl71ee565a.sys [x]
R1 MpKsl8ab4f3a7;MpKsl8ab4f3a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{292A3D70-6242-4E29-A96F-A8F2D56F087D}\MpKsl8ab4f3a7.sys [x]
R1 MpKsl8c564650;MpKsl8c564650;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32D6E33A-D96F-4B28-A931-D4C81AA2FFE9}\MpKsl8c564650.sys [x]
R1 MpKsl8e6bfa64;MpKsl8e6bfa64;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40D6A1A1-3D0A-46D3-A1FB-6A7A48032C0D}\MpKsl8e6bfa64.sys [x]
R1 MpKslc4771124;MpKslc4771124;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA1C585E-ABCA-4ACB-A94B-CC7C708204A5}\MpKslc4771124.sys [x]
R1 MpKslc5ca38be;MpKslc5ca38be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKslc5ca38be.sys [x]
R1 MpKsldbdb1bde;MpKsldbdb1bde;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKsldbdb1bde.sys [x]
R1 MpKsldd116bb1;MpKsldd116bb1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKsldd116bb1.sys [x]
R1 MpKsle1a2c4fa;MpKsle1a2c4fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98497323-F18C-4231-831C-1493AEB3666A}\MpKsle1a2c4fa.sys [x]
R1 MpKslecb33c4a;MpKslecb33c4a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E7A114F-523C-46E8-9CE8-B8D2E1AE05B5}\MpKslecb33c4a.sys [x]
R2 AMService;AMService;c:\windows\TEMP\xnbcyf\setup.exe run [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9cca6668a0886;Google Update Service (gupdate1c9cca6668a0886);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2004-10-06 283904]
R3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2004-10-04 43392]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 72832]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ BthServ
WindowsMobile	REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ WcesComm RapiMgr
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 10:52]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 10:52]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1000Core.job
- c:\users\davidp54\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 08:17]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1000UA.job
- c:\users\davidp54\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 08:17]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1003Core.job
- c:\users\Matthew.davidp54-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-20 05:51]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1003UA.job
- c:\users\Matthew.davidp54-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-20 05:51]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1005Core.job
- c:\users\Giovanna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-12 14:17]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1005UA.job
- c:\users\Giovanna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-12 14:17]
.
2011-08-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-08-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
FF - ProfilePath - 
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-conduitEngine - c:\program files\ConduitEngine\ConduitEngineUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-15 10:11
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"=hex:51,66,7a,6c,4c,1d,38,12,f3,6e,58,
45,a7,04,e3,0b,ca,a7,57,dd,d7,87,7f,a7
"{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}"=hex:51,66,7a,6c,4c,1d,38,12,07,04,c9,
0f,40,b3,9a,0c,ed,70,a2,bb,05,11,09,9b
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}"=hex:51,66,7a,6c,4c,1d,38,12,2e,fd,ed,
e4,cb,b5,c0,07,c5,4e,3a,0c,a2,bd,bf,47
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{0E797919-F964-4628-A1D9-1E21894E52F5}"=hex:51,66,7a,6c,4c,1d,38,12,77,7a,6a,
0a,56,b7,46,03,de,cf,5d,61,8c,10,16,e1
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:07,37,8f,7b,8e,57,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,c3,47,a6,db,ca,28,46,ae,5c,ff,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,c3,47,a6,db,ca,28,46,ae,5c,ff,\
.
[HKEY_USERS\S-1-5-21-2226694355-1947302505-974820688-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5332)
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-08-15 10:16:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-15 09:16
ComboFix2.txt 2011-08-14 22:12
.
Pre-Run: 73*860*517*888 bytes free
Post-Run: 73*338*736*640 bytes free
.
- - End Of File - - 083D8758FF082BD0621A47AEE94F860C

Virustotal.com:

(I could only locate the file mswmdm.dll, not mswmdma.dll)

Antivirus	Version	Last Update	Result
AhnLab-V3	2011.08.14.00	2011.08.14	-
AntiVir	7.11.13.41	2011.08.15	-
Antiy-AVL	2.0.3.7	2011.08.15	-
Avast	4.8.1351.0	2011.08.15	-
Avast5	5.0.677.0	2011.08.15	-
AVG	10.0.0.1190	2011.08.14	-
BitDefender	7.2	2011.08.15	-
CAT-QuickHeal	11.00	2011.08.13	-
ClamAV	0.97.0.0	2011.08.15	-
Commtouch	5.3.2.6	2011.08.15	-
Comodo	9752	2011.08.15	-
DrWeb	5.0.2.03300	2011.08.15	-
Emsisoft	5.1.0.8	2011.08.15	-
eSafe	7.0.17.0	2011.08.14	-
eTrust-Vet	36.1.8502	2011.08.15	-
F-Prot	4.6.2.117	2011.08.15	-
F-Secure	9.0.16440.0	2011.08.15	-
Fortinet	4.2.257.0	2011.08.15	-
GData	22	2011.08.15	-
Ikarus	T3.1.1.107.0	2011.08.15	-
Jiangmin	13.0.900	2011.08.14	-
K7AntiVirus	9.109.5010	2011.08.12	-
Kaspersky	9.0.0.837	2011.08.15	-
McAfee	5.400.0.1158	2011.08.15	-
McAfee-GW-Edition	2010.1D	2011.08.15	-
Microsoft	1.7104	2011.08.15	-
NOD32	6378	2011.08.15	-
Norman	6.07.10	2011.08.14	-
nProtect	2011-08-14.01	2011.08.14	-
Panda	10.0.3.5	2011.08.14	-
PCTools	8.0.0.5	2011.08.15	-
Prevx	3.0	2011.08.15	-
Rising	23.71.00.03	2011.08.15	-
Sophos	4.67.0	2011.08.15	-
SUPERAntiSpyware	4.40.0.1006	2011.08.13	-
TheHacker	6.7.0.1.277	2011.08.15	-
TrendMicro	9.500.0.1008	2011.08.15	-
TrendMicro-HouseCall	9.500.0.1008	2011.08.15	-
VBA32	3.12.16.4	2011.08.13	-
VIPRE	10168	2011.08.15	-
ViRobot	2011.8.13.4621	2011.08.14	-
VirusBuster	14.0.168.0	2011.08.14	-
Additional information
MD5 : 915d3430fe926376dd942ae45a9a1665
SHA1 : 2c70cd01517dffa68f0c36781f0bc62ad739e5db
SHA256: f6ef361457ef3cc1f650c86c87e934cffa5fc440a9db7abf05f6de2e3fe809fa


----------



## kevinf80 (Mar 21, 2006)

Hiya theFAst0ne,

*mswmdma.dll* is definitely on your system, I'm convinced that it is malicious but need to check at VT to be certain....

OK do the following :

Show hidden files/folders, go *Here* for instructions if required.

Next try to upload again to VT...

Please visit *Virustotal*

 Click the *Browse...* button
 Navigate to the file *c:\windows\system32\mswmdma.dll*
 Click the *Open* button
 Click the *Send* button
 If you get a message saying File has already been analyzed: click Reanalyze file now
 Copy and paste the results back here please.

Let me see the log from VT in your reply, also have you installed and run AVG since my last response to you?

Kevin
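The two checks above (is the file really present even though a search misses it, and is it the same file VirusTotal already has a report for) can be done locally before uploading. The script below is an added example for this thread, not Kevin's instructions or any tool the thread uses: it hashes a file with the three algorithms VirusTotal lists (MD5, SHA1, SHA256), reports the Hidden/System attributes that keep Explorer search from showing a file, and compares the SHA256 against the value from the report posted earlier in the thread. The path is the one named in this thread; everything else is constructed for illustration.

```python
"""Hash a file the way VirusTotal reports it and show why a search may miss it.

Added example for this thread; not the thread's own tooling. Works on any OS,
but the Hidden/System attribute check only has data on Windows.
"""
import hashlib
import os
import stat
import sys

# Path named in the thread (the file ComboFix and AVG both listed in System32).
DEFAULT_PATH = r"C:\Windows\System32\mswmdma.dll"

# SHA256 from the VirusTotal report the poster pasted (that report was for
# mswmdm.dll, so a match here means the local file is that already-analysed one).
REPORTED_SHA256 = "f6ef361457ef3cc1f650c86c87e934cffa5fc440a9db7abf05f6de2e3fe809fa"


def file_hashes(path, chunk=1 << 20):
    """Return {'md5': ..., 'sha1': ..., 'sha256': ...} as lowercase hex digests.

    Reads in chunks so a large binary does not have to fit in memory.
    """
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for d in digests.values():
                d.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}


def hidden_attributes(path):
    """Return the names of Hidden/System attributes set on the file.

    Explorer's search skips hidden and system files unless 'show hidden
    files/folders' is on, which is why a file can appear in scanner logs yet
    not in a search. st_file_attributes exists only on Windows; elsewhere the
    result is an empty list.
    """
    st = os.stat(path)
    attrs = getattr(st, "st_file_attributes", 0)
    flags = {
        "HIDDEN": stat.FILE_ATTRIBUTE_HIDDEN,
        "SYSTEM": stat.FILE_ATTRIBUTE_SYSTEM,
    }
    return [name for name, bit in flags.items() if attrs & bit]


def matches_report(path, reported_sha256=REPORTED_SHA256):
    """True if the local file's SHA256 equals the hash from a VirusTotal report.

    VirusTotal identifies submissions by hash, so an equal SHA256 means the
    'file has already been analyzed' result applies to this exact file.
    """
    return file_hashes(path)["sha256"] == reported_sha256.lower()


def describe(path):
    """Collect the facts a helper would want to see, as a dict."""
    if not os.path.isfile(path):
        return {"path": path, "exists": False}
    st = os.stat(path)
    return {
        "path": path,
        "exists": True,
        "size": st.st_size,
        "attributes": hidden_attributes(path),
        "hashes": file_hashes(path),
        "matches_report": matches_report(path),
    }


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PATH
    for key, value in describe(target).items():
        print(f"{key}: {value}")
```

Run it as `python hashfile.py` for the thread's path, or pass another path as the first argument. A genuine file that is hidden and system-flagged will show `attributes: ['HIDDEN', 'SYSTEM']`, which explains a fruitless Explorer search without proving anything about whether the file is malicious; the hashes are what to compare against the VirusTotal report.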


----------



## theFAst0ne (Apr 16, 2009)

I have scanned the PC with AVG, but in safe mode as the PC crashed and I rebooted in safe mode. I then uninstalled it to safely run combofix. Here is the report it generated:

AVG 2011 Anti-Virus command line scanner
Copyright (c) 1992 - 2011 AVG Technologies
Program version 10.0.1392, engine 10.0.1520
Virus Database: Version 1520/3834 2011-08-14

C:\Boot\BCD Locked file. Not tested. 
C:\Boot\BCD.LOG Locked file. Not tested. 
C:\pagefile.sys Locked file. Not tested. 
C:\ProgramData\Desktop\ Locked file. Not tested. 
C:\ProgramData\Documents\ Locked file. Not tested. 
C:\ProgramData\Favorites\ Locked file. Not tested. 
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cd326cf6bd8f8bad678ed05d6098b62e_c48e6c8c-079a-400d-b441-d2941cad80c7 Locked file. Not tested. 
C:\ProgramData\Templates\ Locked file. Not tested. 
C:\Qoobox\BackEnv\ Locked file. Not tested. 
C:\System Recovery\ Locked file. Not tested. 
C:\System Volume Information\{0fef91b1-c208-11e0-836f-00234efe66c8}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not tested. 
C:\System Volume Information\{0fef91b5-c208-11e0-836f-00234efe66c8}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not tested. 
C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not tested. 
C:\System Volume Information\{51faf701-bf4c-11e0-afcd-00234efe66c8}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not tested. 
C:\System Volume Information\{51faf71c-bf4c-11e0-afcd-00234efe66c8}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not tested. 
C:\System Volume Information\{51faf721-bf4c-11e0-afcd-00234efe66c8}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not tested. 
C:\System Volume Information\{51faf76e-bf4c-11e0-afcd-00234efe66c8}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not tested. 
C:\System Volume Information\{51faf784-bf4c-11e0-afcd-00234efe66c8}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not tested. 
C:\System Volume Information\{93899cba-c261-11e0-aebf-00234efe66c8}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not tested. 
C:\System Volume Information\{93899da0-c261-11e0-aebf-00234efe66c8}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not tested. 
C:\System Volume Information\{b333accc-c1ee-11e0-a97a-00234efe66c8}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not tested. 
C:\Users\davidp54\AppData\Local\History\ Locked file. Not tested. 
C:\Users\davidp54\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db Locked file. Not tested. 
C:\Users\davidp54\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db.shadow Locked file. Not tested. 
C:\Users\davidp54\Documents\Downloads\cfg1_50.exe Corrupted executable file Object was moved to Virus Vault.
C:\Users\davidp54\Documents\My Music\ Locked file. Not tested. 
C:\Users\davidp54\Documents\My Pictures\ Locked file. Not tested. 
C:\Users\davidp54\Documents\My Videos\ Locked file. Not tested. 
C:\Users\davidp54\NetHood\ Locked file. Not tested. 
C:\Users\davidp54\PrintHood\ Locked file. Not tested. 
C:\Users\davidp54\Templates\ Locked file. Not tested. 
C:\Users\Default\AppData\Local\History\ Locked file. Not tested. 
C:\Users\Default\Documents\My Music\ Locked file. Not tested. 
C:\Users\Default\Documents\My Pictures\ Locked file. Not tested. 
C:\Users\Default\Documents\My Videos\ Locked file. Not tested. 
C:\Users\Default\NetHood\ Locked file. Not tested. 
C:\Users\Default\PrintHood\ Locked file. Not tested. 
C:\Users\Default\Recent\ Locked file. Not tested. 
C:\Users\Default\Templates\ Locked file. Not tested. 
C:\Users\Giovanna\AppData\Local\History\ Locked file. Not tested. 
C:\Users\Giovanna\Documents\My Music\ Locked file. Not tested. 
C:\Users\Giovanna\Documents\My Pictures\ Locked file. Not tested. 
C:\Users\Giovanna\Documents\My Videos\ Locked file. Not tested. 
C:\Users\Giovanna\NetHood\ Locked file. Not tested. 
C:\Users\Giovanna\PrintHood\ Locked file. Not tested. 
C:\Users\Giovanna\Templates\ Locked file. Not tested. 
C:\Users\Guest\AppData\Local\History\ Locked file. Not tested. 
C:\Users\Guest\Documents\My Music\ Locked file. Not tested. 
C:\Users\Guest\Documents\My Pictures\ Locked file. Not tested. 
C:\Users\Guest\Documents\My Videos\ Locked file. Not tested. 
C:\Users\Guest\NetHood\ Locked file. Not tested. 
C:\Users\Guest\PrintHood\ Locked file. Not tested. 
C:\Users\Guest\Templates\ Locked file. Not tested. 
C:\Users\Matthew.davidp54-PC\AppData\Local\History\ Locked file. Not tested. 
C:\Users\Matthew.davidp54-PC\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested. 
C:\Users\Matthew.davidp54-PC\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested. 
C:\Users\Matthew.davidp54-PC\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested. 
C:\Users\Matthew.davidp54-PC\Documents\My Music\ Locked file. Not tested. 
C:\Users\Matthew.davidp54-PC\Documents\My Pictures\ Locked file. Not tested. 
C:\Users\Matthew.davidp54-PC\Documents\My Videos\ Locked file. Not tested. 
C:\Users\Matthew.davidp54-PC\NTUSER.DAT Locked file. Not tested. 
C:\Users\Matthew.davidp54-PC\ntuser.dat.LOG1 Locked file. Not tested. 
C:\Users\Matthew.davidp54-PC\ntuser.dat.LOG2 Locked file. Not tested. 
C:\Users\Matthew.davidp54-PC\PrintHood\ Locked file. Not tested. 
C:\Users\Public\Documents\My Music\ Locked file. Not tested. 
C:\Users\Public\Documents\My Pictures\ Locked file. Not tested. 
C:\Users\Public\Documents\My Videos\ Locked file. Not tested. 
C:\Windows\bthservsdp.dat Locked file. Not tested. 
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested. 
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested. 
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Locked file. Not tested. 
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Locked file. Not tested. 
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Locked file. Not tested. 
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\csp5066.tmp Locked file. Not tested. 
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\csp7036.tmp Locked file. Not tested. 
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Locked file. Not tested. 
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Locked file. Not tested. 
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Locked file. Not tested. 
C:\Windows\System32\catroot2\edb.log Locked file. Not tested. 
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested. 
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested. 
C:\Windows\System32\config\COMPONENTS Locked file. Not tested. 
C:\Windows\System32\config\COMPONENTS.LOG1 Locked file. Not tested. 
C:\Windows\System32\config\COMPONENTS.LOG2 Locked file. Not tested. 
C:\Windows\System32\config\DEFAULT Locked file. Not tested. 
C:\Windows\System32\config\DEFAULT.LOG1 Locked file. Not tested. 
C:\Windows\System32\config\DEFAULT.LOG2 Locked file. Not tested. 
C:\Windows\System32\config\RegBack\COMPONENTS Locked file. Not tested. 
C:\Windows\System32\config\RegBack\DEFAULT Locked file. Not tested. 
C:\Windows\System32\config\RegBack\SAM Locked file. Not tested. 
C:\Windows\System32\config\RegBack\SECURITY Locked file. Not tested. 
C:\Windows\System32\config\RegBack\SOFTWARE Locked file. Not tested. 
C:\Windows\System32\config\RegBack\SYSTEM Locked file. Not tested. 
C:\Windows\System32\config\SAM Locked file. Not tested. 
C:\Windows\System32\config\SAM.LOG1 Locked file. Not tested. 
C:\Windows\System32\config\SAM.LOG2 Locked file. Not tested. 
C:\Windows\System32\config\SECURITY Locked file. Not tested. 
C:\Windows\System32\config\SECURITY.LOG1 Locked file. Not tested. 
C:\Windows\System32\config\SECURITY.LOG2 Locked file. Not tested. 
C:\Windows\System32\config\SOFTWARE Locked file. Not tested. 
C:\Windows\System32\config\SOFTWARE.LOG1 Locked file. Not tested. 
C:\Windows\System32\config\SOFTWARE.LOG2 Locked file. Not tested. 
C:\Windows\System32\config\SYSTEM Locked file. Not tested. 
C:\Windows\System32\config\SYSTEM.LOG1 Locked file. Not tested. 
C:\Windows\System32\config\SYSTEM.LOG2 Locked file. Not tested. 
C:\Windows\System32\config\systemprofile\AppData\Local\History\ Locked file. Not tested. 
C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested. 
C:\Windows\System32\mswmdma.dll Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-activexcompat_31bf3856ad364e35_6.0.6002.18488_none_f7e1a0cf00ee7669.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18277_none_adbf7553efaa1c63.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18277_none_adbf7553efaa1c63_ole32.dll_e9dcc2e3 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.0.6002.18456_none_cb3da857a2a706bd.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.0.6002.18456_none_cb3da857a2a706bd_csrsrv.dll_f50da7f9 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_6.0.6001.18289_en-us_c6970d9b57e4325a.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_6.0.6001.18289_en-us_c6970d9b57e4325a_wudfhost.exe.mui_1fc689ff Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_6.0.6001.18289_en-us_c6970d9b57e4325a_wudfplatform.dll.mui_d815d31a Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_6.0.6001.18289_en-us_c6970d9b57e4325a_wudfsvc.dll.mui_e907fe77 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-d..-usermode.resources_31bf3856ad364e35_6.0.6001.18289_en-us_c6970d9b57e4325a_wudfx.mfl_ed9a43c5 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-d2d_31bf3856ad364e35_7.0.6002.18392_none_9a94919de4451436.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-d2d_31bf3856ad364e35_7.0.6002.18392_none_9a94919de4451436_d2d1.dll_ef77984b Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f_dfsc.sys_ff9a943d Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18416_none_e3c42ddf7f82589b.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18416_none_e3c42ddf7f82589b_dnsapi.dll_c81f5791 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18416_none_e3c42ddf7f82589b_dnscacheugc.exe_aa32623e Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18416_none_e3c42ddf7f82589b_dnsrslvr.dll_faf65b7a Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.18301_none_b7a7a0dd1c192568.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.18301_none_b7a7a0dd1c192568_t2embed.dll_66e8486f Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6002.18472_none_74204081aab84b66.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6002.18472_none_74204081aab84b66_arial.ttf_e828c109 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6002.18472_none_74204081aab84b66_arialbd.ttf_d4f87b8d Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6002.18472_none_74204081aab84b66_arialbi.ttf_d4cb707a Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-font-truetype-arial_31bf3856ad364e35_6.0.6002.18472_none_74204081aab84b66_ariali.ttf_a85a3504 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.0.6002.18472_none_31693afe7200aef3.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.0.6002.18472_none_31693afe7200aef3_tahoma.ttf_586caa52 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-font-truetype-tahoma_31bf3856ad364e35_6.0.6002.18472_none_31693afe7200aef3_tahomabd.ttf_c258876e Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18405_none_abbe991c57a81d34.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18405_none_abbe991c57a81d34_atmfd.dll_ff796bf0 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18405_none_abbe991c57a81d34_atmlib.dll_fe5ca5c9 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18405_none_abbe991c57a81d34_dciman32.dll_a41dd515 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18405_none_abbe991c57a81d34_fontsub.dll_367a1189 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18405_none_abbe991c57a81d34_lpk.dll_ebdc1de9 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_9582275d538a1db6.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_9582275d538a1db6_kernel32.dll_ef9eca7e Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22662_none_884e74f61bdfb306.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22662_none_884e74f61bdfb306_tcpipreg.sys_e872d013 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-lddmcore_31bf3856ad364e35_7.0.6002.22573_none_9f60824b84ed5ee6.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-lddmcore_31bf3856ad364e35_7.0.6002.22573_none_9f60824b84ed5ee6_cdd.dll_01f58cd5 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-lddmcore_31bf3856ad364e35_7.0.6002.22573_none_9f60824b84ed5ee6_dxgkrnl.sys_8aad3dfb Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-lua_31bf3856ad364e35_6.0.6002.18328_none_a8233cf659fab220.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-lua_31bf3856ad364e35_6.0.6002.18328_none_a8233cf659fab220_appinfo.dll_6162d887 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-lua_31bf3856ad364e35_6.0.6002.18328_none_a8233cf659fab220_consent.exe_9075a1c2 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-msls31_31bf3856ad364e35_9.1.8112.16421_none_8bf30ea6e05803fd.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-msls31_31bf3856ad364e35_9.1.8112.16421_none_8bf30ea6e05803fd_msls31.dll_8d36fcb7 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18269_none_8a1cdf129424f4d8.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18269_none_8a1cdf129424f4d8_msxml3.dll_eaee1698 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6002.18269_none_8a1cdf129424f4d8_msxml3r.dll_d752d00e Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6002.22377_none_58c6d798cbc3e308.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6002.22377_none_58c6d798cbc3e308_netio.sys_a06e75d0 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18327_none_5aaebdbbf95dd967.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18327_none_5aaebdbbf95dd967_ntdll.dll_ae4ef39c Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6002.18357_none_beb79a43f8c2b44c.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6002.18357_none_beb79a43f8c2b44c_oleaut32.dll_730e3d41 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18484_none_6dc4629ab1869881.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18484_none_6dc4629ab1869881_ntkrnlpa.exe_165c312a Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18484_none_6dc4629ab1869881_ntoskrnl.exe_0fb0ab79 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6002.18274_none_0eb4612ae7d5ff77.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-rasrtutils_31bf3856ad364e35_6.0.6002.18274_none_0eb4612ae7d5ff77_rtutils.dll_243724ab Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.18462_none_23bdeb4c5297f24a.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.18462_none_23bdeb4c5297f24a_schannel.dll_7364eaa8 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-shdocvw_31bf3856ad364e35_6.0.6002.18392_none_e8fc1c190953a005.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-shdocvw_31bf3856ad364e35_6.0.6002.18392_none_e8fc1c190953a005_shdocvw.dll_3e0d5648 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18393_none_6db159bc0f68794b.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18393_none_6db159bc0f68794b_apps.inf_0b7d7d89 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18393_none_6db159bc0f68794b_shell32.dll_0d29dca9 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-shlwapi_31bf3856ad364e35_6.0.6002.18393_none_fb61e0e2a21b76d6.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-shlwapi_31bf3856ad364e35_6.0.6002.18393_none_fb61e0e2a21b76d6_shlwapi.dll_1eec0a2e Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18063_none_ced8f61a1a41d726.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18063_none_ced8f61a1a41d726_shsvcs.dll_f8739230 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.18462_none_81390d734e728aac.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.18462_none_81390d734e728aac_mrxsmb.sys_cf1a02fc Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970_tcpip.sys_3339bd51 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18244_none_aeb9b5ec55bf7c35.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18244_none_aeb9b5ec55bf7c35_usp10.dll_8785b649 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-webservices.resources_31bf3856ad364e35_6.0.6001.18302_en-us_0eb925e8763e1828.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-webservices_31bf3856ad364e35_6.0.6001.18302_none_0e7e5e7f2eb069f5.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-webservices.resources_31bf3856ad364e35_6.0.6001.18302_en-us_0eb925e8763e1828_webservices.dll.mui_eecc809d Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-webservices_31bf3856ad364e35_6.0.6001.18302_none_0e7e5e7f2eb069f5_webservices.dll_58f50a80 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18475_none_ba934aea97e14d3f.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18475_none_ba934aea97e14d3f_win32k.sys_0d7a6fb3 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b_afd.sys_084af4a8 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-xmllite_31bf3856ad364e35_6.0.6002.18482_none_8acd7ef8a0b3e1a2.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft-windows-xmllite_31bf3856ad364e35_6.0.6002.18482_none_8acd7ef8a0b3e1a2_xmllite.dll_ce078c31 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773_gdiplus.dll_423f7010 Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6002.18342_none_8da6678f6319a11a.manifest Locked file. Not tested. 
C:\Windows\winsxs\Backup\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.6002.18342_none_8da6678f6319a11a_gdiplus.dll_423f7010 Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_apppatch_1143992cbbbebcab.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_ehome_40103e2da1d121de.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_fonts_40104ba9a1d20dac.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_help_mui_0409_c7942094fabea651.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_inf_3f581daba4c8c835.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_media_401039ffa1d92906.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_microsoft.net_3296b36dbe4c7fa3.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_microsoft.net_framework_83386eac0379231b.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_microsoft.net_framework_v2.0.50727_e9368840261e60ee.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_microsoft.net_framework_v3.0_windows_communication_foundation_e07323de19ff1b52.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_microsoft.net_framework_v3.0_wpf_b56a2354fbfa0c31.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_policydefinitions_89130cdfc4d9c27c.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_policydefinitions_en-us_3b1c5b998da0d4ae.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_system32_drivers_dc1b782427b5ee1b.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_system32_en-us_429cd25484dc6f94.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_system32_licensing_ppdlic_e4dbfd5267861904.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_system32_migration_927a21df1acd7c18.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_system32_mui_0409_ecc96e0e9498d62e.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_system32_wbem_06656d9fdf2f8577.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_system32_wbem_en-us_4555b1beb1c13883.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_system32_windowspowershell_v1.0_3f102d555ee05d33.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_system32_windowspowershell_v1.0_en-us_028e6949cac04f1d.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_system32_windowspowershell_v1.0_modules_bitstransfer_935cce3b0456eb87.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_system32_windowspowershell_v1.0_modules_bitstransfer_en-us_8f6d5322d8d680dd.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\$$_system32_winrm_0409_a9926295fab42c40.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_common_files_d7a65bb2f0e854e7.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_common_files_microsoft_shared_818c5a0e45020fba.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_common_files_microsoft_shared_vgx_3c86fd9f0b3afd9b.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_common_files_system_ado_149a784bc852a2c0.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_common_files_system_b13078daf1286f60.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_common_files_system_msadc_48cda3763ecb3874.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_ffd0cbfc813cc4f1.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_internet_explorer_a421d1bfaf856e2b.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_internet_explorer_en-us_2650c83f8a48b821.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_movie_maker_ed8d29f9f8ff4e89.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_reference_assemblies_microsoft_framework_v3.0_44577d982216c291.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_windows_mail_e07902f329fe05e9.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_windows_media_player_da4e5f6eb3198de9.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_windows_media_player_en-us_94ff97943fc617cd.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_windows_nt_6101456faac5015c.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\program_files_windows_nt_accessories_156d2b9b22040474.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\FileMaps\_0000000000000000.cdf-ms Locked file. Not tested. 
C:\Windows\winsxs\Temp\PendingRenames\ Locked file. Not tested. 
D:\System Volume Information\ Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 2317645
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 1
------------------------------------------------------------

I did a search of the 'mswmdma.dll' file in the C drive, and it came up with nothing, as the screenshot shows:

I did see a reference to the file in the scan logs; what must I do next?


----------



## kevinf80 (Mar 21, 2006)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
KillAll::
File::
c:\windows\system32\ConduitEngine.tmp
c:\windows\system32\mswmdma.dll
Folder::
c:\users\Matthew.davidp54-PC\AppData\Roaming\AVG10
c:\programdata\AVG10
c:\windows\system32\drivers\AVG
c:\program files\Common Files\Spigot
DirLook::
c:\programdata\Common Files
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"=hex:51,66,7a,6c,4c,1d,38,12,f3,6e,58,
45,a7,04,e3,0b,ca,a7,57,dd,d7,87,7f,a7
"{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}"=hex:51,66,7a,6c,4c,1d,38,12,07,04,c9,
0f,40,b3,9a,0c,ed,70,a2,bb,05,11,09,9b
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}"=hex:51,66,7a,6c,4c,1d,38,12,2e,fd,ed,
e4,cb,b5,c0,07,c5,4e,3a,0c,a2,bd,bf,47
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{0E797919-F964-4628-A1D9-1E21894E52F5}"=hex:51,66,7a,6c,4c,1d,38,12,77,7a,6a,
0a,56,b7,46,03,de,cf,5d,61,8c,10,16,e1
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:07,37,8f,7b,8e,57,cc,01
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,c3,47,a6,db,ca,28,46,ae,5c,ff, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,c3,47,a6,db,ca,28,46,ae,5c,ff, \
```
Save this as *CFScript.txt*, and as Type: *All Files (\*.\*)*, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

Kevin


----------



## theFAst0ne (Apr 16, 2009)

ComboFix 11-08-15.06 - Matthew 2011/08/16 0:05.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.27.1033.18.2045.1096 [GMT 1:00]
Running from: c:\users\Matthew.davidp54-PC\Desktop\gotcha.exe
Command switches used :: c:\users\Matthew.davidp54-PC\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\ConduitEngine.tmp"
"c:\windows\system32\mswmdma.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\program files\Common Files\Spigot\wtxpcom\install.rdf
c:\programdata\AVG10
c:\programdata\AVG10\Cfg\admin.cfg
c:\programdata\AVG10\Cfg\changecfgreg.cfg
c:\programdata\AVG10\Cfg\csl.cfg
c:\programdata\AVG10\Cfg\erd.cfg
c:\programdata\AVG10\Cfg\idp.cfg
c:\programdata\AVG10\Cfg\krnl.cfg
c:\programdata\AVG10\Cfg\mail.cfg
c:\programdata\AVG10\Cfg\mailsrv.cfg
c:\programdata\AVG10\Cfg\mailsrvvsapi.cfg
c:\programdata\AVG10\Cfg\malrep.cfg
c:\programdata\AVG10\Cfg\sched.cfg
c:\programdata\AVG10\Cfg\setup.cfg
c:\programdata\AVG10\Cfg\spsrv.cfg
c:\programdata\AVG10\Cfg\update.cfg
c:\programdata\AVG10\Cfg\updatecomps.cfg
c:\programdata\AVG10\Cfg\user.cfg
c:\programdata\AVG10\cfgall\falsealarm.cfg
c:\programdata\AVG10\cfgall\fw.cfg
c:\programdata\AVG10\cfgall\krnlall.cfg
c:\programdata\AVG10\cfgall\updateall.cfg
c:\programdata\AVG10\log\avgam.log
c:\programdata\AVG10\log\avgam.log.lock
c:\programdata\AVG10\log\avgcfg.log
c:\programdata\AVG10\log\avgcfg.log.lock
c:\programdata\AVG10\log\avgcfgex.log
c:\programdata\AVG10\log\avgcfgex.log.lock
c:\programdata\AVG10\log\avgchjw.log
c:\programdata\AVG10\log\avgchjw.log.lock
c:\programdata\AVG10\log\avgchjwsrv.log
c:\programdata\AVG10\log\avgchjwsrv.log.lock
c:\programdata\AVG10\log\avgcore.log
c:\programdata\AVG10\log\avgcore.log.1
c:\programdata\AVG10\log\avgcore.log.10
c:\programdata\AVG10\log\avgcore.log.2
c:\programdata\AVG10\log\avgcore.log.3
c:\programdata\AVG10\log\avgcore.log.4
c:\programdata\AVG10\log\avgcore.log.5
c:\programdata\AVG10\log\avgcore.log.6
c:\programdata\AVG10\log\avgcore.log.7
c:\programdata\AVG10\log\avgcore.log.8
c:\programdata\AVG10\log\avgcore.log.9
c:\programdata\AVG10\log\avgcore.log.lock
c:\programdata\AVG10\log\avgcsl.log
c:\programdata\AVG10\log\avgcsl.log.lock
c:\programdata\AVG10\log\avgexc.log
c:\programdata\AVG10\log\avgexc.log.lock
c:\programdata\AVG10\log\avgfw.log
c:\programdata\AVG10\log\avgfw.log.lock
c:\programdata\AVG10\log\avgfw8db.log
c:\programdata\AVG10\log\avgfw8db.log.lock
c:\programdata\AVG10\log\avgfw8u.log
c:\programdata\AVG10\log\avgfw8u.log.lock
c:\programdata\AVG10\log\avgfwui.log
c:\programdata\AVG10\log\avgfwui.log.lock
c:\programdata\AVG10\log\avgldr.log
c:\programdata\AVG10\log\avgldr.log.lock
c:\programdata\AVG10\log\avglng.log
c:\programdata\AVG10\log\avglng.log.lock
c:\programdata\AVG10\log\avgns.log
c:\programdata\AVG10\log\avgns.log.lock
c:\programdata\AVG10\log\avgpostinst.log
c:\programdata\AVG10\log\avgpostinst.log.lock
c:\programdata\AVG10\log\avgrs.log
c:\programdata\AVG10\log\avgrs.log.1
c:\programdata\AVG10\log\avgrs.log.lock
c:\programdata\AVG10\log\avgscan.log
c:\programdata\AVG10\log\avgscan.log.lock
c:\programdata\AVG10\log\avgsched.log
c:\programdata\AVG10\log\avgsched.log.lock
c:\programdata\AVG10\log\avgsrm.log
c:\programdata\AVG10\log\avgsrm.log.lock
c:\programdata\AVG10\log\avgtdi.log
c:\programdata\AVG10\log\avgtdi.log.lock
c:\programdata\AVG10\log\avgual.2011-08-14.log
c:\programdata\AVG10\log\avgual.log
c:\programdata\AVG10\log\avgual.log.lock
c:\programdata\AVG10\log\avgui.log
c:\programdata\AVG10\log\avgui.log.lock
c:\programdata\AVG10\log\avguidraw.log
c:\programdata\AVG10\log\avguidraw.log.lock
c:\programdata\AVG10\log\avgupd.log
c:\programdata\AVG10\log\avgupd.log.lock
c:\programdata\AVG10\log\avgwd.log
c:\programdata\AVG10\log\avgwd.log.lock
c:\programdata\AVG10\log\avgwdsvc.log
c:\programdata\AVG10\log\avgwdsvc.log.lock
c:\programdata\AVG10\log\commonpriv.log
c:\programdata\AVG10\log\commonpriv.log.lock
c:\programdata\AVG10\log\fixcfg.log
c:\programdata\AVG10\log\fixcfg.log.lock
c:\programdata\AVG10\log\fwstats_2011_08_14_22_32_22.fwstats
c:\programdata\AVG10\log\fwstats_2011_08_14_22_34_15.fwstats
c:\programdata\AVG10\log\fwstats_2011_08_15_00_27_47.fwstats
c:\programdata\AVG10\log\fwstats_2011_08_15_08_18_16.fwstats
c:\programdata\AVG10\log\history.xml
c:\programdata\AVG10\log\IDP\log\avgam_idp_DAVIDP54-PC$.log
c:\programdata\AVG10\log\IDP\log\avgfws_idp_DAVIDP54-PC$.log
c:\programdata\AVG10\log\IDP\log\avgtray_idp_Matthew.log
c:\programdata\AVG10\log\IDP\log\avgui_idp_Matthew.log
c:\programdata\AVG10\log\IDP\log\avgwdsvc_idp_DAVIDP54-PC$.log
c:\programdata\AVG10\log\vault.log
c:\programdata\AVG10\log\vault.log.lock
c:\programdata\AVG10\scanlogs\I_00000001.log
c:\programdata\AVG10\scanlogs\I_00000005.log
c:\programdata\AVG10\scanlogs\srm.idx
c:\users\Matthew.davidp54-PC\AppData\Roaming\AVG10
c:\users\Matthew.davidp54-PC\AppData\Roaming\AVG10\cfgall\usergui.cfg
c:\windows\system32\drivers\AVG
c:\windows\system32\drivers\AVG\compat12.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 )))))))))))))))))))))))))))))))
.
.
2011-08-15 23:22 . 2011-08-15 23:26	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Local\temp
2011-08-15 23:22 . 2011-08-15 23:22	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2011-08-15 23:22 . 2011-08-15 23:22	--------	d-----w-	c:\users\Giovanna\AppData\Local\temp
2011-08-15 23:22 . 2011-08-15 23:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-08-15 23:22 . 2011-08-15 23:22	--------	d-----w-	c:\users\davidp54\AppData\Local\temp
2011-08-14 22:32 . 2011-08-14 22:32	--------	d--h--w-	c:\programdata\Common Files
2011-08-14 22:21 . 2011-08-15 08:19	--------	d-----w-	c:\programdata\MFAData
2011-08-14 09:11 . 2011-08-14 09:12	--------	d-----w-	C:\3af0a8e7e6fc3b274e9061
2011-08-13 22:58 . 2011-08-13 22:58	388096	----a-r-	c:\users\Matthew.davidp54-PC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-13 22:58 . 2011-08-13 22:58	--------	d-----w-	c:\program files\Trend Micro
2011-08-13 22:41 . 2011-08-13 23:33	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-08-13 22:41 . 2011-08-13 22:42	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-08-12 14:17 . 2011-08-12 14:17	--------	d-----w-	c:\users\Giovanna\AppData\Local\Apps
2011-08-12 14:17 . 2011-08-12 14:17	--------	d-----w-	c:\users\Giovanna\AppData\Local\Deployment
2011-08-12 14:10 . 2011-08-12 14:11	--------	d-----w-	c:\users\Giovanna\AppData\Roaming\HTC
2011-08-10 19:09 . 2011-08-10 19:09	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Local\MagicSoftware
2011-08-10 19:09 . 2011-08-10 19:09	--------	d-----w-	c:\programdata\MagicSoftware
2011-08-10 18:51 . 2011-08-10 18:51	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
2011-08-10 18:12 . 2011-08-10 18:12	65024	--sha-r-	c:\windows\system32\mswmdma.dll
2011-08-09 20:17 . 2011-06-06 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 18:41 . 2011-08-09 18:41	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-08-09 18:41 . 2011-08-09 18:41	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-09 18:40 . 2011-08-09 18:40	913296	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-08-09 18:40 . 2011-08-09 18:40	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2011-08-09 18:28 . 2011-08-09 18:28	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-08-09 18:28 . 2011-08-09 18:28	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 08:31 . 2011-08-09 08:31	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 22:26 . 2010-02-12 10:32	293376	----a-w-	c:\windows\system32\browserchoice.exe
2011-08-05 10:48 . 2009-02-24 16:42	116736	----a-w-	c:\windows\system32\drivers\mcdbus.sys
2011-07-21 11:58 . 2011-07-21 11:58	--------	d-----w-	c:\program files\iPod
2011-07-21 11:58 . 2011-07-21 11:59	--------	d-----w-	c:\program files\iTunes
2011-07-21 11:56 . 2011-07-21 11:56	--------	d-----w-	c:\program files\Bonjour
2011-07-17 12:39 . 2011-07-17 12:39	--------	d-----w-	c:\program files\Application Updater
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 12:47 . 2011-07-13 12:47	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-07-13 12:47 . 2011-07-13 12:47	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-07-13 12:46 . 2011-07-13 12:46	508416	----a-w-	c:\windows\system32\drivers\bthport.sys
2011-07-13 12:46 . 2011-07-13 12:46	30208	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2011-07-12 09:20 . 2011-07-12 09:20	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-05-24 17:14 . 2010-07-25 11:39	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-04-14 16:41 . 2011-05-01 09:55	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\Common Files ----
.
2011-08-14 22:32 . 2011-08-14 22:32	96	---ha-w-	c:\programdata\Common Files\0B3EC6F5-9830-F679-14B9-6D2B4F005EE4.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-05-09 09:49	176936	----a-w-	c:\program files\Softonic-Eng7\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"googletalk"="c:\users\Matthew.davidp54-PC\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HW_OPENEYE_OUC_MTN Online"="c:\program files\MTN [email protected]\UpdateDog\ouc.exe" [2010-03-16 110592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-01-07 288872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\Giovanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Matthew.davidp54-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R1 MpKsl0d798752;MpKsl0d798752;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F5449B6-E093-4B48-848E-650FCA25E35B}\MpKsl0d798752.sys [x]
R1 MpKsl1beafc06;MpKsl1beafc06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F00CF970-42FB-4166-8B30-9FB3E5965F43}\MpKsl1beafc06.sys [x]
R1 MpKsl61caa5ad;MpKsl61caa5ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D93D0F9-0C86-46FC-A1B7-6EFC5CB35539}\MpKsl61caa5ad.sys [x]
R1 MpKsl71ee565a;MpKsl71ee565a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E7A114F-523C-46E8-9CE8-B8D2E1AE05B5}\MpKsl71ee565a.sys [x]
R1 MpKsl8ab4f3a7;MpKsl8ab4f3a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{292A3D70-6242-4E29-A96F-A8F2D56F087D}\MpKsl8ab4f3a7.sys [x]
R1 MpKsl8c564650;MpKsl8c564650;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32D6E33A-D96F-4B28-A931-D4C81AA2FFE9}\MpKsl8c564650.sys [x]
R1 MpKsl8e6bfa64;MpKsl8e6bfa64;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40D6A1A1-3D0A-46D3-A1FB-6A7A48032C0D}\MpKsl8e6bfa64.sys [x]
R1 MpKslc4771124;MpKslc4771124;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA1C585E-ABCA-4ACB-A94B-CC7C708204A5}\MpKslc4771124.sys [x]
R1 MpKslc5ca38be;MpKslc5ca38be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKslc5ca38be.sys [x]
R1 MpKsldbdb1bde;MpKsldbdb1bde;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKsldbdb1bde.sys [x]
R1 MpKsldd116bb1;MpKsldd116bb1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKsldd116bb1.sys [x]
R1 MpKsle1a2c4fa;MpKsle1a2c4fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98497323-F18C-4231-831C-1493AEB3666A}\MpKsle1a2c4fa.sys [x]
R1 MpKslecb33c4a;MpKslecb33c4a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E7A114F-523C-46E8-9CE8-B8D2E1AE05B5}\MpKslecb33c4a.sys [x]
R2 AMService;AMService;c:\windows\TEMP\xnbcyf\setup.exe run [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9cca6668a0886;Google Update Service (gupdate1c9cca6668a0886);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2004-10-06 283904]
R3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2004-10-04 43392]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 72832]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ BthServ
WindowsMobile	REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ WcesComm RapiMgr
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 10:52]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 10:52]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1000Core.job
- c:\users\davidp54\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 08:17]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1000UA.job
- c:\users\davidp54\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 08:17]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1003Core.job
- c:\users\Matthew.davidp54-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-20 05:51]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1003UA.job
- c:\users\Matthew.davidp54-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-20 05:51]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1005Core.job
- c:\users\Giovanna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-12 14:17]
.
2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1005UA.job
- c:\users\Giovanna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-12 14:17]
.
2011-08-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-08-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
FF - ProfilePath - 
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-16 00:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2226694355-1947302505-974820688-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4428)
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-08-16 00:35:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-15 23:35
ComboFix2.txt 2011-08-15 09:17
ComboFix3.txt 2011-08-14 22:12
.
Pre-Run: 73,387,966,464 bytes free
Post-Run: 73,231,671,296 bytes free
.
- - End Of File - - C1AA2EB77D04379597FF50764B0D716A
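The Explorer search earlier in the thread found nothing for mswmdma.dll, yet the ComboFix "Files Created" listing above shows it in c:\windows\system32 with the attribute string `--sha-r-` (system, hidden, archive, read-only): a default Explorer search skips files marked hidden and system, which is exactly why a dropped DLL is given those flags. The following is an added example, not ComboFix's code or anything posted in the thread. It parses lines in the layout ComboFix uses for that section and flags files under c:\windows\ carrying both the hidden and system attributes. The letter positions it interprets (d, s, h, a, r/w) are inferred from the flag strings visible in this log; positions whose meaning the log does not show are left uninterpreted. The sample lines are copied from the log above (tab-separated there; any whitespace is accepted here).

```python
"""Flag hidden+system files in a ComboFix 'Files Created' listing.

Added example; not ComboFix's own code. Parses the
'created . modified  size  attrs  path' lines ComboFix prints and reports
files that carry both the hidden and system attributes, which a default
Explorer search does not show.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# Constructed sample: lines copied from the "Files Created" section of the
# ComboFix log posted above. ComboFix separates fields with tabs; the parser
# accepts any run of whitespace so the sample is written with spaces.
SAMPLE_LOG = """
2011-08-13 22:58 . 2011-08-13 22:58  --------  d-----w-  c:\\program files\\Trend Micro
2011-08-10 18:51 . 2011-08-10 18:51  0  ----a-w-  c:\\windows\\system32\\ConduitEngine.tmp
2011-08-10 18:12 . 2011-08-10 18:12  65024  --sha-r-  c:\\windows\\system32\\mswmdma.dll
2011-08-09 18:41 . 2011-08-09 18:41  3602832  ----a-w-  c:\\windows\\system32\\ntkrnlpa.exe
2011-08-14 22:32 . 2011-08-14 22:32  96  ---ha-w-  c:\\programdata\\Common Files\\0B3EC6F5-9830-F679-14B9-6D2B4F005EE4.dat
"""

# created ' . ' modified, then size (digits, or '--------' for a directory),
# then the 8-character attribute string, then the path (may contain spaces).
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\d+|-{8})\s+([a-z-]{8})\s+(.+?)\s*$"
)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int      # -1 for directories (ComboFix prints '--------')
    attrs: str     # 8-char flag string as printed, e.g. '--sha-r-'
    path: str

    # Letter positions inferred from the flag strings in this log:
    # 'd' directory, 's' system, 'h' hidden, 'a' archive, 'r'/'w' read-only
    # or writable. Other positions are not interpreted.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs

    @property
    def read_only(self) -> bool:
        return "r" in self.attrs


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per line that matches the listing layout; section
    banners, '.' spacer lines and anything else are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(created, "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            size=-1 if size.startswith("-") else int(size),
            attrs=attrs,
            path=path,
        ))
    return entries


def find_concealed(entries: List[Entry],
                   roots: Tuple[str, ...] = ("c:\\windows\\",)) -> List[Entry]:
    """Files (not directories) under the given roots marked both hidden and
    system: the combination a default Explorer search skips, and unusual
    for a DLL that appeared in system32 a few days ago."""
    return [
        e for e in entries
        if not e.is_dir
        and e.path.lower().startswith(roots)
        and e.hidden and e.system
    ]


def describe(e: Entry) -> str:
    reasons = ["hidden+system"]
    if e.read_only:
        reasons.append("read-only")
    return (f"{e.path} ({e.size} bytes, created {e.created:%Y-%m-%d %H:%M}): "
            + ", ".join(reasons))


if __name__ == "__main__":
    for hit in find_concealed(parse_log(SAMPLE_LOG)):
        print(describe(hit))
```

Run against the sample, the only hit is mswmdma.dll; the hidden .dat under c:\programdata is reported by neither rule because it lacks the system flag and sits outside c:\windows\. The same parser can be pointed at a full ComboFix.txt to triage the "Files Created" window before any removal script is written.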


----------



## kevinf80 (Mar 21, 2006)

It would seem that those two files we tried to kill with CF are being protected. OK, run the following please :-

Download the *GMER Rootkit Scanner*. Unzip it to your Desktop.
*Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur*

Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here:
*Temporarily disable Security*

*Do not use your computer for anything else during the scan.*

- Double click GMER.exe.
- If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on *NO*.
  Then use the following settings for a more complete scan.
- In the right panel, you will see several boxes that have been checked. Ensure the following are *UNCHECKED*:
  - *IAT/EAT*
  - *Drives/Partition other than Systemdrive (typically C:\)*
  - *Show All (don't miss this one)*
- Then click the Scan button & wait for it to finish.
- Once done click on the *[Save..]* button, and in the File name area, type in *"ark.txt"*.
  Save the log where you can easily find it, such as your desktop.

_**Caution:** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries._

Please copy and paste the report into your Post.


----------



## theFAst0ne (Apr 16, 2009)

Every time I try to run GMER, it stops responding and then the program closes. Upon trying to run it again, the PC crashes and restarts. The same happens when I try to run it from safe mode. I then redownloaded the program and ran it again, but without success.


----------



## kevinf80 (Mar 21, 2006)

Are you sure all security was turned off before running GMER? OK, try this scan please :-

Ensure all security is turned OFF, then proceed.


1. Please Download *Rootkit Unhooker* and save it to your desktop.
2. Now double-click on *RKUnhookerLE.exe* to run it.
3. Click the *Report* tab, then click *Scan*.
4. Check (Tick) *Drivers, Stealth*. Uncheck the rest, then click *OK*.
5. Wait till the scanner has finished and then click *File, Save Report*.
6. Save the report somewhere where you can find it. Click *Close*.
7. Copy the entire contents of the report and paste it in a reply here.

**Note:** you may get the following warning; just click OK and continue.

*"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"*

Kevin


----------



## theFAst0ne (Apr 16, 2009)

The link you provided doesn't work, could you please supply a new one.


----------



## kevinf80 (Mar 21, 2006)

Apologies, try this one http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE


----------



## theFAst0ne (Apr 16, 2009)

Here is the report:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8C400000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 10461184 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 266.58 )
0x8280C000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8280C000 PnpManager 3907584 bytes
0x8280C000 RAW 3907584 bytes
0x8280C000 WMIxWDM 3907584 bytes
0x818C0000 Win32k 2113536 bytes
0x818C0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8CE9B000 C:\Windows\system32\DRIVERS\bcmwl6.sys 1343488 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x88A00000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8307B000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8D602000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8320D000 C:\Windows\System32\drivers\tcpip.sys 970752 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D5000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA430F000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x82EAA000 C:\Windows\system32\drivers\iastor.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8D704000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA280D000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x82E09000 C:\Windows\system32\drivers\iastorv.sys 659456 bytes (Intel Corporation, Intel Matrix Storage Manager driver (base))
0x83315000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8CE0E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x9A206000 C:\Windows\System32\Drivers\bthport.sys 524288 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x9A35C000 C:\Windows\system32\drivers\btwaudio.sys 503808 bytes (Broadcom Corporation., Bluetooth Audio Device)
0x8300A000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80601000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x8040B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA2914000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9A2EA000 C:\Windows\system32\drivers\btwavdt.sys 417792 bytes (Broadcom Corporation., Broadcom Bluetooth AVDT Service)
0x8D4A5000 C:\Windows\system32\drivers\stwrt.sys 348160 bytes (IDT, Inc., NDHF)
0x8D007000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xA427C000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x80729000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8D84C000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80680000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80494000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8D107000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x833B5000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8D54C000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8D8D4000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x831B1000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8D950000 C:\Windows\system32\DRIVERS\OEM02Dev.sys 237568 bytes (Creative Technology Ltd., Video Capture Device Driver)
0xA4203000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88B10000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8D45F000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82BC6000 ACPI_HAL 208896 bytes
0x82BC6000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x82F8E000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8D81A000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8079F000 C:\Windows\system32\DRIVERS\b57nd60x.sys 192512 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS6.0 Driver.)
0x8D0D8000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8D4FA000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8D06B000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x83186000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8D40C000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA28CD000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9A28E000 C:\Windows\system32\DRIVERS\rfcomm.sys 167936 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0xA42E3000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA4254000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88B60000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8D7C6000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x806D7000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x805B5000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8D527000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8D175000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x88B98000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8D5AC000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA29CC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82F70000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8D1E0000 C:\Windows\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0xA2981000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x832FA000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8D9C8000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9A2C1000 C:\Windows\system32\DRIVERS\bthpan.sys 106496 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x82FD9000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8D9E3000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xA299E000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8D0AD000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA423C000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8D920000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8D153000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8D937000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xAC20A000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8D89D000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x805DB000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xA29B7000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8D1BB000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8D1A7000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x807DC000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x8D806000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8D058000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xA2901000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8D8C1000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8D44D000 C:\Windows\system32\DRIVERS\ew_jubusenum.sys 73728 bytes (Huawei Technologies Co., Ltd., ew_jubusenum Driver)
0x88B87000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8D494000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82FC0000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8D9A2000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA28BD000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8078F000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8CFE3000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8D1D0000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x9A2DB000 C:\Windows\system32\DRIVERS\bthmodem.sys 61440 bytes (Microsoft Corporation, Bluetooth Communications Driver)
0x88BE3000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x9A3E4000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88B51000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x806FE000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8D198000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x831EC000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8071A000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8CE00000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x81B00000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8D8B3000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8D5E8000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8077A000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x807CE000 C:\Windows\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
0x80672000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8D9BB000 C:\Windows\System32\Drivers\BTHUSB.sys 53248 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x8D7B9000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8D440000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x9A350000 C:\Windows\system32\DRIVERS\hidbth.sys 49152 bytes (Microsoft Corporation, Bluetooth Miniport Driver for HID Devices)
0xA42CB000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8D5A0000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x88BF2000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8D0A2000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8D097000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8D5DD000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8D16A000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8D148000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x88BCF000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x88BC2000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80710000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x9A2B7000 C:\Windows\system32\DRIVERS\BthEnum.sys 40960 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x9A3DA000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0xAC228000 C:\Windows\system32\DRIVERS\MpNWMon.sys 40960 bytes (Microsoft Corporation, Network monitor driver)
0x8D436000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA28F7000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8D910000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA43ED000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xAC24D000 C:\Windows\system32\DRIVERS\WSDPrint.sys 40960 bytes (Microsoft Corporation, Web Services Print Device Driver)
0xAC257000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x88BB9000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8D7ED000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8D999000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8D9B2000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x82FD0000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8D5F6000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x81AE0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x88BDA000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8D0CF000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x806C6000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8D894000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x82F68000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xAC220000 C:\Windows\system32\drivers\BCM42RLY.sys 32768 bytes (Broadcom Corporation, Broadcom iLine10(tm) PCI Network Adapter Proxy Protocol Driver)
0x8048C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x9A286000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806CF000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8D5CD000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8D5D5000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88B49000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xA42D7000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8D589000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8D599000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80773000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8D7F6000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x80788000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8D0C5000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xAC247000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F41E7864-06C3-4C43-A0C3-DCFDB430A9E1}\MpKsl0e4554a1.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x8D91A000 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{271E28E7-60F0-49DF-A13C-0C80DE9D91F3}\MpKsl673d0c81.sys 24576 bytes
0x8D0CB000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA430B000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x9A3D7000 C:\Windows\system32\DRIVERS\btwrchid.sys 12288 bytes (Broadcom Corporation., Bluetooth Remote Control HID Minidriver)
0x8070D000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x875B9000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8CDFA000 C:\Windows\System32\Drivers\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 266.58 )
0x8D98A000 C:\Windows\system32\DRIVERS\OEM02Vfx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter Driver (Win2K based))
0x8D1FD000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8D94E000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

And when I turned my PC on, Microsoft Security Essentials automatically detected a threat and wants to clean it. I told it to do nothing. Here is a screenshot of it:

Should I tell it to clean or just leave it, as I don't want to interfere with your plans?

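As an added illustration (not code from the thread, nor from Rootkit Unhooker's authors): a small Python triage script that parses the `>Drivers` section of an RkU LE report in the layout posted above, joins the wrapped description lines, treats nameless entries that share a load address with a real image as kernel aliases, and lists the entries a reviewer would want to look at by hand. The report text, addresses, GUID and the last two entries are constructed samples, and the path rules are assumptions; as the thread's own warning about rootkit-scan false positives says, a flagged line is a prompt to look, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of the RkU report posted in the thread.
# Addresses, the GUID and the last two entries are made up for illustration.
SAMPLE_RKU_REPORT = """\
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
>Drivers
==============================================
0x8280C000 C:\\Windows\\system32\\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8280C000 PnpManager 3907584 bytes
0x8D7C6000 C:\\Windows\\system32\\DRIVERS\\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x8D4FA000 C:\\Windows\\system32\\drivers\\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8D98A000 C:\\Windows\\system32\\DRIVERS\\OEM02Vfx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter
Driver (Win2K based))
0x8D91A000 c:\\ProgramData\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{00000000-0000-0000-0000-000000000000}\\MpKsl00000000.sys 24576 bytes
0xAC257000 C:\\Windows\\System32\\Drivers\\BlackBox.SYS 36864 bytes (RKU Driver)
0xA1000000 C:\\Users\\Public\\unknown_example.sys 20480 bytes
==============================================
>Stealth
==============================================
"""

# "<base> <image> <size> bytes (<vendor>, <description>)"; the bracketed part is optional.
ENTRY_RE = re.compile(
    r"^(?P<base>0x[0-9A-Fa-f]+)\s+(?P<image>.+?)\s+(?P<size>\d+) bytes"
    r"(?:\s+\((?P<info>.*)\))?$"
)

@dataclass
class DriverEntry:
    base: int                  # load address
    image: str                 # file path, or a bare kernel-exported name such as PnpManager
    size: int
    vendor: Optional[str]
    description: Optional[str]

    @property
    def is_file(self) -> bool:
        return "\\" in self.image

def _split_info(info: Optional[str]) -> Tuple[Optional[str], Optional[str]]:
    """Split 'vendor, description' on the last comma so vendors like 'X, Inc.' survive."""
    if info is None:
        return None, None
    if ", " in info:
        vendor, desc = info.rsplit(", ", 1)
        return vendor, desc
    return None, info          # e.g. "(RKU Driver)", the scanner's own BlackBox.SYS

def parse_rku_drivers(report: str) -> List[DriverEntry]:
    lines = [ln.strip() for ln in report.splitlines()]
    if ">Drivers" not in lines:
        return []
    records: List[str] = []
    for line in lines[lines.index(">Drivers") + 1:]:
        if line.startswith(">"):                     # next section, e.g. >Stealth
            break
        if not line or set(line) == {"="}:
            continue
        if line.startswith("0x"):
            records.append(line)
        elif records:                                # RkU wraps long descriptions onto a 2nd line
            records[-1] += " " + line
    entries: List[DriverEntry] = []
    for rec in records:
        m = ENTRY_RE.match(rec)
        if not m:
            continue                                 # unparsable line: leave for manual review
        vendor, desc = _split_info(m.group("info"))
        entries.append(DriverEntry(int(m.group("base"), 16), m.group("image"),
                                   int(m.group("size")), vendor, desc))
    return entries

def triage(entries: List[DriverEntry], system_root: str = "C:\\Windows") -> Dict[str, List[str]]:
    """Return {image: [reasons]} for entries a reviewer should check by hand."""
    # Nameless entries sharing a base address with a real image (PnpManager, RAW,
    # WMIxWDM beside ntkrnlpa.exe in the thread's log) are aliases, not extra modules.
    image_at_base = {e.base: e.image for e in entries if e.is_file}
    root = system_root.lower().rstrip("\\") + "\\"
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons: List[str] = []
        if not e.is_file:
            if e.base not in image_at_base:
                reasons.append("nameless module with no backing image at its base address")
        else:
            if e.vendor is None and e.description is None:
                reasons.append("no vendor/description metadata")
            if not e.image.lower().startswith(root):
                # Legitimate hits exist: MSE definition drivers (MpKsl*.sys) load from
                # ProgramData, so this is a prompt to look, not a verdict.
                reasons.append("loaded from outside %s" % system_root)
        if reasons:
            findings[e.image] = reasons
    return findings

if __name__ == "__main__":
    for image, reasons in triage(parse_rku_drivers(SAMPLE_RKU_REPORT)).items():
        print(image)
        for r in reasons:
            print("   -", r)
```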

----------



## kevinf80 (Mar 21, 2006)

Nothing significant in the RKU log. Did the MSE alert come before or after you saved RKU to your Desktop? Yes, kill the threat. Also run a quick scan with MSE and tell me if it finds anything.

Next,

Re-run DDS and post a fresh set of logs please.....

Kevin


----------



## theFAst0ne (Apr 16, 2009)

MSE picked up 3 threats and removed 2 of them. It got halfway through cleaning the third, then encountered an error.

Should I run Spybot and see if it can find anything?

DDS:

DDS (Ver_2011-06-23.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Matthew at 18:09:28 on 2011-08-18
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.27.1033.18.2045.1110 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\STacSV.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof2.dll
mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof2.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof2.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\prxtbSof2.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [googletalk] c:\users\matthew.davidp54-pc\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [HW_OPENEYE_OUC_MTN Online] "c:\program files\mtn [email protected]\updatedog\ouc.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\matthe~1.dav\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: google.com\mail
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: lujialo - c:\windows\system32\config\systemprofile\appdata\local\lujialo.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl2fa18676;MpKsl2fa18676;c:\programdata\microsoft\microsoft antimalware\definition updates\{70d58b47-b6c3-4cc4-9139-4b6b49f75399}\MpKsl2fa18676.sys [2011-8-18 28752]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-3-9 73728]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-6-24 393112]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-8-13 1153368]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2011-1-9 689472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-3-10 179712]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2010-12-15 72832]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
S2 AMService;AMService;c:\windows\temp\xnbcyf\setup.exe run --> c:\windows\temp\xnbcyf\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-8-19 229376]
S2 gupdate1c9cca6668a0886;Google Update Service (gupdate1c9cca6668a0886);c:\program files\google\update\GoogleUpdate.exe [2009-5-4 133104]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2004-10-6 283904]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2004-10-4 43392]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-23 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-4 133104]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-9 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-7-26 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-7-26 8576]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-6-14 19968]
SUnknown qqoswjjj;qqoswjjj; [x]
.
=============== Created Last 30 ================
.
2011-08-18 16:58:17	28752	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{70d58b47-b6c3-4cc4-9139-4b6b49f75399}\MpKsl2fa18676.sys
2011-08-18 08:27:44	7152464	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{70d58b47-b6c3-4cc4-9139-4b6b49f75399}\mpengine.dll
2011-08-17 21:48:25	321536	----a-w-	c:\windows\system32\spool\prtprocs\w32x86\hpzpp696.dll
2011-08-17 21:32:32	118272	----a-w-	c:\windows\system32\hpz3l696.dll
2011-08-17 21:29:12	261432	----a-w-	c:\windows\system32\hpzids01.dll
2011-08-17 21:29:11	372736	----a-w-	c:\windows\system32\hppldcoi.dll
2011-08-17 21:29:10	966656	----a-w-	c:\windows\system32\hpost_p02a.dll
2011-08-17 21:29:10	737280	----a-w-	c:\windows\system32\hposwia_p02a.dll
2011-08-17 21:29:10	307200	----a-w-	c:\windows\system32\hposc_p02a.dll
2011-08-17 21:29:09	309760	----a-w-	c:\windows\system32\difxapi.dll
2011-08-17 09:40:55	100864	----a-w-	C:\axtcqkod.sys
2011-08-17 08:24:25	7152464	----a-w-	c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-08-16 19:00:29	--------	d-----w-	c:\users\matthew.davidp54-pc\appdata\roaming\Exolgey
2011-08-16 19:00:28	--------	d-----w-	c:\users\matthew.davidp54-pc\appdata\roaming\Apzy
2011-08-16 08:19:35	439632	------w-	c:\programdata\microsoft\microsoft antimalware\definition updates\{73e4734c-2e90-456c-9f39-d8a589931161}\gapaengine.dll
2011-08-16 08:15:40	6881616	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{8c0eb1e1-ea0e-47bc-8fe3-e326d04deeec}\mpengine.dll
2011-08-16 08:15:18	--------	d-----w-	c:\program files\Microsoft Security Client
2011-08-15 23:35:58	--------	d-----w-	c:\users\matthew.davidp54-pc\appdata\local\temp
2011-08-15 23:33:38	--------	d-sh--w-	C:\$RECYCLE.BIN
2011-08-14 22:32:51	--------	d--h--w-	c:\programdata\Common Files
2011-08-14 22:21:50	--------	d-----w-	c:\programdata\MFAData
2011-08-14 21:29:46	98816	----a-w-	c:\windows\sed.exe
2011-08-14 21:29:46	518144	----a-w-	c:\windows\SWREG.exe
2011-08-14 21:29:46	256000	----a-w-	c:\windows\PEV.exe
2011-08-14 21:29:46	208896	----a-w-	c:\windows\MBR.exe
2011-08-14 09:11:44	--------	d-----w-	C:\3af0a8e7e6fc3b274e9061
2011-08-13 22:58:50	388096	----a-r-	c:\users\matthew.davidp54-pc\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-08-13 22:58:46	--------	d-----w-	c:\program files\Trend Micro
2011-08-13 22:41:45	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-08-13 22:41:45	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-08-10 19:09:45	--------	d-----w-	c:\users\matthew.davidp54-pc\appdata\local\MagicSoftware
2011-08-10 19:09:35	--------	d-----w-	c:\programdata\MagicSoftware
2011-08-10 18:51:03	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
2011-08-10 18:12:55	65024	--sha-r-	c:\windows\system32\mswmdma.dll
2011-08-09 20:17:35	2409784	----a-w-	c:\program files\windows mail\OESpamFilter.dat
2011-08-09 18:41:15	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-08-09 18:41:14	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-09 18:40:56	913296	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-08-09 18:40:56	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2011-08-09 18:28:24	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-08-09 18:28:08	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 08:31:34	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 22:26:18	293376	----a-w-	c:\windows\system32\browserchoice.exe
2011-08-05 10:48:31	116736	----a-w-	c:\windows\system32\drivers\mcdbus.sys
2011-07-21 11:58:57	--------	d-----w-	c:\program files\iPod
2011-07-21 11:58:55	--------	d-----w-	c:\program files\iTunes
2011-07-21 11:56:41	--------	d-----w-	c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-08-09 18:27:34	1126912	----a-w-	c:\windows\system32\wininet.dll
2011-08-09 18:27:32	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-08-09 18:27:30	1797632	----a-w-	c:\windows\system32\jscript9.dll
2011-07-13 12:47:52	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-07-13 12:47:26	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-07-13 12:46:43	508416	----a-w-	c:\windows\system32\drivers\bthport.sys
2011-07-13 12:46:43	30208	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2011-07-12 09:20:54	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20:54	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-05-24 18:14:10	222080	------w-	c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:10:51.70 ===============


----------



## kevinf80 (Mar 21, 2006)

You appear to have picked up the Alureon rootkit on or about the 17th. Continue as follows:

*Step 1*

*Please read carefully and follow these steps.*

Download *TDSSKiller* and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on *TDSSKiller.exe* to run the application, then on *Start Scan*.

If an infected file is detected, the default action will be *Cure*; click on *Continue*.

If a suspicious file is detected, the default action will be *Skip*; click on *Continue*.

It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.

If no reboot is required, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder), in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*".

Please copy and paste the contents of that file here.

*Step 2*

Delete Combofix from your Desktop, download a fresh version from either of the following links, save it to your Desktop, then run it as you did previously:

*Link 1*
*Link 2*

Remember to turn off all security.

Post the logs from TDSSKiller and Combofix in your next reply...

Kevin
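
The reasoning behind the call above can be mechanised: the DDS log shows a randomly named driver dropped straight into C:\ on the 17th (C:\axtcqkod.sys), a service whose image runs from c:\windows\temp (AMService), a service with no resolvable file at all (SUnknown qqoswjjj) and a Winlogon Notify DLL loaded from a profile path (lujialo). The Python script below is an added example, not kevinf80's code and not part of DDS or TDSSKiller; it applies exactly those four checks to an excerpt of the DDS log posted earlier in this thread (re-pasted with spaces in place of the original tabs) and reports the earliest drop time. The regular expressions describe the line shapes as they appear on this page and are an assumption about the log format, not the tool's specification.

```python
"""Triage of DDS log excerpts for the indicators discussed in this thread.

Added example for this forum thread. The line patterns are assumptions
drawn from the log pasted above, not the DDS tool's documented format.
"""
import re
from datetime import datetime

# Service/driver lines:  "S2 Name;Description;image path [date size]"
SERVICE_RE = re.compile(r"^(R\d|S\d|SUnknown)\s+([^;]+);([^;]*);(.*)$")
# "Created Last 30" lines:  "YYYY-MM-DD HH:MM:SS  size  attrs  path"
# Whitespace is matched loosely because forum pasting turns tabs into spaces.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")
# Winlogon notification package lines:  "Notify: name - path"
NOTIFY_RE = re.compile(r"^Notify:\s+(\S+)\s+-\s+(.+)$")
# A .sys/.exe/.dll sitting directly in the drive root, e.g. C:\axtcqkod.sys
ROOT_BINARY_RE = re.compile(r"^[a-z]:\\[^\\]+\.(?:sys|exe|dll)$", re.IGNORECASE)


def check_service(line):
    """Return (name, reason) for a service/driver line that looks wrong, else None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, name, _desc, image = m.groups()
    image = image.strip().lower()
    if state == "SUnknown" or image.startswith("[x]"):
        return (name, "service entry with no resolvable image file")
    if "\\temp\\" in image:
        return (name, "service image runs from a temp directory")
    return None


def check_created(line):
    """Return (path, timestamp, reason) for a suspicious 'Created' entry, else None."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    stamp, _size, _attrs, path = m.groups()
    path = path.strip()
    if ROOT_BINARY_RE.match(path):
        return (path, datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                "driver/executable dropped directly in the drive root")
    return None


def check_notify(line):
    """Return (name, reason) for a Notify DLL loaded from a profile directory, else None."""
    m = NOTIFY_RE.match(line)
    if not m:
        return None
    name, path = m.groups()
    if "\\appdata\\" in path.lower():
        return (name, "Winlogon notify DLL loaded from a profile directory")
    return None


def triage(log_text):
    """Run every check over a log; returns findings plus the earliest root-drop date."""
    findings = []
    drop_times = []
    for raw in log_text.splitlines():
        line = raw.strip()
        hit = check_service(line)
        if hit:
            findings.append(("service", *hit))
        hit = check_created(line)
        if hit:
            findings.append(("created", hit[0], hit[2]))
            drop_times.append(hit[1])
        hit = check_notify(line)
        if hit:
            findings.append(("notify", *hit))
    first = min(drop_times).date().isoformat() if drop_times else None
    return {"findings": findings, "first_drop": first}


# Constructed sample: an excerpt of the DDS log posted above, benign lines included
# so the checks can be seen ignoring them (tabs replaced by spaces).
SAMPLE_LOG = r"""
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S2 AMService;AMService;c:\windows\temp\xnbcyf\setup.exe run --> c:\windows\temp\xnbcyf\setup.exe run [?]
SUnknown qqoswjjj;qqoswjjj; [x]
Notify: lujialo - c:\windows\system32\config\systemprofile\appdata\local\lujialo.dll
2011-08-17 21:29:09    309760    ----a-w-    c:\windows\system32\difxapi.dll
2011-08-17 09:40:55    100864    ----a-w-    C:\axtcqkod.sys
2011-08-14 21:29:46    208896    ----a-w-    c:\windows\MBR.exe
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for kind, name, reason in result["findings"]:
        print(f"[{kind}] {name}: {reason}")
    print("earliest root drop:", result["first_drop"])
```

Running it against the excerpt flags AMService, qqoswjjj, lujialo and C:\axtcqkod.sys and reports 2011-08-17 as the earliest drop, which is how the date in the reply above can be read off the log. The MBR.exe line is deliberately kept: it lives under c:\windows, not the drive root, so the root-drop rule ignores it, and the legitimate MpFilter and FontCache services pass the service checks.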


----------



## theFAst0ne (Apr 16, 2009)

TDSSKiller:

2011/08/18 22:23:55.0520 3520	TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/18 22:23:55.0739 3520	================================================================================
2011/08/18 22:23:55.0740 3520	SystemInfo:
2011/08/18 22:23:55.0740 3520	
2011/08/18 22:23:55.0740 3520	OS Version: 6.0.6002 ServicePack: 2.0
2011/08/18 22:23:55.0740 3520	Product type: Workstation
2011/08/18 22:23:55.0740 3520	ComputerName: DAVIDP54-PC
2011/08/18 22:23:55.0740 3520	UserName: Matthew
2011/08/18 22:23:55.0740 3520	Windows directory: C:\Windows
2011/08/18 22:23:55.0740 3520	System windows directory: C:\Windows
2011/08/18 22:23:55.0740 3520	Processor architecture: Intel x86
2011/08/18 22:23:55.0740 3520	Number of processors: 2
2011/08/18 22:23:55.0740 3520	Page size: 0x1000
2011/08/18 22:23:55.0740 3520	Boot type: Normal boot
2011/08/18 22:23:55.0740 3520	================================================================================
2011/08/18 22:23:56.0905 3520	Initialize success
2011/08/18 22:24:02.0162 5796	================================================================================
2011/08/18 22:24:02.0162 5796	Scan started
2011/08/18 22:24:02.0162 5796	Mode: Manual; 
2011/08/18 22:24:02.0163 5796	================================================================================
2011/08/18 22:24:12.0026 5796	A5AGU (2e3145af30e7a54be5ac0a7a6606ea61) C:\Windows\system32\DRIVERS\A5AGU.sys
2011/08/18 22:24:12.0648 5796	ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/18 22:24:13.0094 5796	adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/08/18 22:24:13.0746 5796	adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/08/18 22:24:14.0238 5796	adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/08/18 22:24:14.0405 5796	adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/08/18 22:24:14.0808 5796	AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/08/18 22:24:16.0059 5796	agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/08/18 22:24:16.0290 5796	aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/18 22:24:17.0074 5796	aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/08/18 22:24:17.0502 5796	amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/08/18 22:24:18.0519 5796	amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/08/18 22:24:19.0135 5796	AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/08/18 22:24:19.0543 5796	AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/08/18 22:24:19.0965 5796	ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/08/18 22:24:20.0798 5796	arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/08/18 22:24:21.0457 5796	arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/08/18 22:24:22.0510 5796	AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/18 22:24:23.0059 5796	atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/08/18 22:24:23.0600 5796	ATHFMWDL (629ecfac73e13c3832ee56419bf7cdca) C:\Windows\system32\Drivers\ATHFMWDL.sys
2011/08/18 22:24:24.0105 5796	b57nd60x (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/08/18 22:24:24.0596 5796	BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
2011/08/18 22:24:25.0210 5796	BCM43XX (b56999be8f22ba3071e4ceafa9e82e26) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/08/18 22:24:25.0561 5796	Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/18 22:24:26.0178 5796	blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/08/18 22:24:28.0077 5796	bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/18 22:24:28.0302 5796	BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/18 22:24:28.0531 5796	BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/18 22:24:29.0470 5796	Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/18 22:24:29.0645 5796	BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/18 22:24:29.0802 5796	BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/18 22:24:30.0495 5796	BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/18 22:24:30.0798 5796	BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/08/18 22:24:31.0870 5796	BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/18 22:24:32.0394 5796	BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/18 22:24:32.0976 5796	BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/08/18 22:24:33.0433 5796	BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/08/18 22:24:33.0750 5796	btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
2011/08/18 22:24:35.0142 5796	btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
2011/08/18 22:24:35.0336 5796	btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/08/18 22:24:37.0254 5796	cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/18 22:24:37.0454 5796	cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/18 22:24:37.0612 5796	circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/08/18 22:24:37.0733 5796	CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/08/18 22:24:38.0667 5796	CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/18 22:24:38.0817 5796	cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/08/18 22:24:39.0482 5796	Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/18 22:24:40.0296 5796	crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/08/18 22:24:40.0479 5796	Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/08/18 22:24:41.0133 5796	DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/08/18 22:24:41.0336 5796	disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/08/18 22:24:41.0671 5796	dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/08/18 22:24:42.0047 5796	Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/08/18 22:24:42.0231 5796	dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/08/18 22:24:42.0465 5796	drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/18 22:24:42.0907 5796	DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/18 22:24:43.0138 5796	e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/08/18 22:24:43.0421 5796	E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/18 22:24:43.0647 5796	Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/08/18 22:24:44.0013 5796	elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/08/18 22:24:44.0238 5796	ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/08/18 22:24:44.0465 5796	exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/08/18 22:24:44.0918 5796	fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/08/18 22:24:45.0111 5796	fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/18 22:24:45.0350 5796	FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/18 22:24:45.0549 5796	Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/18 22:24:45.0737 5796	flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/18 22:24:46.0053 5796	FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/08/18 22:24:46.0314 5796	fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/08/18 22:24:46.0494 5796	Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/18 22:24:46.0697 5796	gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/18 22:24:46.0918 5796	GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/18 22:24:47.0440 5796	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/08/18 22:24:47.0662 5796	HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/18 22:24:47.0831 5796	HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/18 22:24:48.0036 5796	HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/18 22:24:48.0237 5796	HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/18 22:24:48.0401 5796	HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/08/18 22:24:48.0638 5796	HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/08/18 22:24:48.0899 5796	HSXHWAZL (cfbc2b81972e298f0e19ee68fa9e73da) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/08/18 22:24:49.0138 5796	HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
2011/08/18 22:24:49.0516 5796	htcnprot (52395a94c127c0266d1c0f3cce8a4345) C:\Windows\system32\DRIVERS\htcnprot.sys
2011/08/18 22:24:49.0898 5796	HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/08/18 22:24:50.0076 5796	huawei_enumerator (92548543d50c9bccdb31ffb7ec39249d) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
2011/08/18 22:24:50.0292 5796	hwdatacard (a89423d0132c8ab69ba621b6ce191714) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/08/18 22:24:50.0637 5796	i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/08/18 22:24:51.0043 5796	i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/18 22:24:51.0268 5796	iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
2011/08/18 22:24:51.0529 5796	iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/08/18 22:24:51.0994 5796	iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/18 22:24:52.0173 5796	intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/18 22:24:52.0451 5796	intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/18 22:24:52.0646 5796	IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/18 22:24:53.0069 5796	IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/18 22:24:53.0247 5796	IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/18 22:24:53.0477 5796	IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/18 22:24:53.0783 5796	isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/08/18 22:24:54.0243 5796	iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/18 22:24:54.0465 5796	iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/18 22:24:54.0638 5796	iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/18 22:24:54.0964 5796	kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/18 22:24:55.0358 5796	kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/18 22:24:55.0598 5796	KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
2011/08/18 22:24:56.0390 5796	KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/18 22:24:56.0592 5796	lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/18 22:24:56.0881 5796	LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/18 22:24:57.0018 5796	LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/18 22:24:57.0240 5796	LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/18 22:24:57.0458 5796	luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/18 22:24:57.0702 5796	mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/08/18 22:24:58.0080 5796	mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/08/18 22:24:58.0310 5796	megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/08/18 22:24:58.0584 5796	MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/08/18 22:24:58.0769 5796	Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/18 22:24:59.0156 5796	monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/18 22:24:59.0294 5796	mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/18 22:24:59.0824 5796	mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/18 22:25:00.0154 5796	MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/18 22:25:00.0418 5796	MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/08/18 22:25:00.0709 5796	mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/08/18 22:25:01.0415 5796	MpKsl44637e4d (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9A0B8F6A-B5C9-46D0-9312-3A3C884AEA2A}\MpKsl44637e4d.sys
2011/08/18 22:25:02.0355 5796	MpKsl84dcbbc5 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9A0B8F6A-B5C9-46D0-9312-3A3C884AEA2A}\MpKsl84dcbbc5.sys
2011/08/18 22:25:05.0569 5796	MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/08/18 22:25:05.0719 5796	mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/18 22:25:06.0272 5796	Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/18 22:25:06.0856 5796	MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/18 22:25:07.0034 5796	mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/18 22:25:07.0398 5796	mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/18 22:25:07.0513 5796	mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/18 22:25:07.0718 5796	msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/08/18 22:25:07.0986 5796	msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/08/18 22:25:08.0209 5796	Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/18 22:25:08.0442 5796	msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/18 22:25:08.0716 5796	MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/18 22:25:08.0982 5796	MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/18 22:25:09.0177 5796	MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/18 22:25:09.0439 5796	MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/08/18 22:25:09.0598 5796	mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/18 22:25:09.0811 5796	MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/18 22:25:10.0074 5796	Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/08/18 22:25:10.0405 5796	NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/18 22:25:10.0523 5796	NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/08/18 22:25:10.0699 5796	NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/18 22:25:10.0834 5796	Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/18 22:25:11.0131 5796	NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/18 22:25:11.0228 5796	NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/18 22:25:11.0569 5796	NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/18 22:25:11.0848 5796	netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/18 22:25:12.0118 5796	nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/18 22:25:12.0292 5796	NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/08/18 22:25:12.0646 5796	nmwcd (48fb907b069524f2dc7ba62a0762850c) C:\Windows\system32\drivers\ccdcmb.sys
2011/08/18 22:25:12.0825 5796	nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\Windows\system32\drivers\ccdcmbo.sys
2011/08/18 22:25:13.0021 5796	nmwcdnsu (28d40797bcb050321fa6674b08a620c0) C:\Windows\system32\drivers\nmwcdnsu.sys
2011/08/18 22:25:13.0229 5796	nmwcdnsuc (7804e9747bc27eddc6a8382bbf35cf25) C:\Windows\system32\drivers\nmwcdnsuc.sys
2011/08/18 22:25:13.0461 5796	Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/08/18 22:25:13.0930 5796	nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/18 22:25:14.0364 5796	Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/08/18 22:25:14.0708 5796	ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/18 22:25:14.0856 5796	Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/18 22:25:15.0394 5796	nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/18 22:25:16.0044 5796	nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/08/18 22:25:16.0223 5796	nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/08/18 22:25:16.0413 5796	nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/08/18 22:25:16.0966 5796	OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
2011/08/18 22:25:43.0537 5796	MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/08/18 22:25:43.0545 5796	\Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/18 22:25:43.0575 5796	Boot (0x1200) (74f483610cb7f3703111938e4316e2cc) \Device\Harddisk0\DR0\Partition0
2011/08/18 22:25:43.0691 5796	Boot (0x1200) (0a2eb90595c2ec2aa605762e13ae8561) \Device\Harddisk0\DR0\Partition1
2011/08/18 22:25:43.0699 5796	================================================================================
2011/08/18 22:25:43.0699 5796	Scan finished
2011/08/18 22:25:43.0699 5796	================================================================================
2011/08/18 22:25:43.0721 3040	Detected object count: 1
2011/08/18 22:25:43.0721 3040	Actual detected object count: 1
2011/08/18 22:25:54.0742 3040	\Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/18 22:25:54.0742 3040	\Device\Harddisk0\DR0 - ok
2011/08/18 22:25:54.0743 3040	Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure 
2011/08/18 22:26:00.0121 5328	Deinitialize success

Combofix:

ComboFix 11-08-18.02 - Matthew 2011/08/18 22:35:17.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.27.1033.18.2045.1107 [GMT 1:00]
Running from: c:\users\Matthew.davidp54-PC\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5830\Downloads\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\users\davidp54\Desktop\Internet Explorer.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 21:51 . 2011-08-18 21:51	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Local\temp
2011-08-18 21:51 . 2011-08-18 21:51	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2011-08-18 21:51 . 2011-08-18 21:51	--------	d-----w-	c:\users\Giovanna\AppData\Local\temp
2011-08-18 21:51 . 2011-08-18 21:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-08-18 21:51 . 2011-08-18 21:51	--------	d-----w-	c:\users\davidp54\AppData\Local\temp
2011-08-18 21:26 . 2011-08-18 21:26	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A0B8F6A-B5C9-46D0-9312-3A3C884AEA2A}\MpKslde8079e3.sys
2011-08-18 17:15 . 2011-08-12 02:44	7152464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A0B8F6A-B5C9-46D0-9312-3A3C884AEA2A}\mpengine.dll
2011-08-18 09:31 . 2011-08-18 09:31	--------	d-----w-	c:\users\Default\AppData\Roaming\Apple Computer
2011-08-18 09:31 . 2011-08-18 09:31	--------	d-----w-	c:\users\Default\AppData\Local\Apple Computer
2011-08-17 21:48 . 2008-10-17 13:55	321536	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll
2011-08-17 21:32 . 2008-10-17 10:45	118272	----a-w-	c:\windows\system32\hpz3l696.dll
2011-08-17 21:29 . 2009-03-03 18:12	261432	----a-w-	c:\windows\system32\hpzids01.dll
2011-08-17 21:29 . 2008-10-29 00:31	372736	----a-w-	c:\windows\system32\hppldcoi.dll
2011-08-17 21:29 . 2008-10-29 23:44	737280	----a-w-	c:\windows\system32\hposwia_p02a.dll
2011-08-17 21:29 . 2008-10-10 09:10	966656	----a-w-	c:\windows\system32\hpost_p02a.dll
2011-08-17 21:29 . 2008-10-10 09:10	307200	----a-w-	c:\windows\system32\hposc_p02a.dll
2011-08-17 21:29 . 2008-10-29 00:31	309760	----a-w-	c:\windows\system32\difxapi.dll
2011-08-17 20:32 . 2011-08-17 20:32	--------	d-----w-	c:\users\davidp54\AppData\Local\Amazon
2011-08-17 19:58 . 2011-08-18 09:11	--------	d-----w-	c:\users\davidp54\AppData\Roaming\Isgauhg
2011-08-17 19:58 . 2011-08-17 20:09	--------	d-----w-	c:\users\davidp54\AppData\Roaming\Ukreiqe
2011-08-17 09:40 . 2011-08-17 09:40	100864	----a-w-	C:\axtcqkod.sys
2011-08-17 08:24 . 2011-08-12 02:44	7152464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-16 20:50 . 2011-08-16 20:50	--------	d-----w-	c:\windows\Sun
2011-08-16 19:00 . 2011-08-16 21:07	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Roaming\Exolgey
2011-08-16 19:00 . 2011-08-18 08:59	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Roaming\Apzy
2011-08-16 19:00 . 2011-08-16 19:00	99840	----a-w-	c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xuicem.exe
2011-08-16 19:00 . 2011-08-16 19:00	99840	----a-w-	c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\piluob.exe
2011-08-16 08:19 . 2011-08-16 08:19	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73E4734C-2E90-456C-9F39-D8A589931161}\gapaengine.dll
2011-08-16 08:15 . 2011-07-20 08:44	6881616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C0EB1E1-EA0E-47BC-8FE3-E326D04DEEEC}\mpengine.dll
2011-08-16 08:15 . 2011-08-16 08:15	--------	d-----w-	c:\program files\Microsoft Security Client
2011-08-14 22:32 . 2011-08-14 22:32	--------	d--h--w-	c:\programdata\Common Files
2011-08-14 22:21 . 2011-08-15 08:19	--------	d-----w-	c:\programdata\MFAData
2011-08-14 09:11 . 2011-08-14 09:12	--------	d-----w-	C:\3af0a8e7e6fc3b274e9061
2011-08-13 22:58 . 2011-08-13 22:58	388096	----a-r-	c:\users\Matthew.davidp54-PC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-13 22:58 . 2011-08-13 22:58	--------	d-----w-	c:\program files\Trend Micro
2011-08-13 22:41 . 2011-08-13 23:33	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-08-13 22:41 . 2011-08-13 22:42	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-08-12 14:17 . 2011-08-12 14:17	--------	d-----w-	c:\users\Giovanna\AppData\Local\Apps
2011-08-12 14:17 . 2011-08-12 14:17	--------	d-----w-	c:\users\Giovanna\AppData\Local\Deployment
2011-08-12 14:10 . 2011-08-12 14:11	--------	d-----w-	c:\users\Giovanna\AppData\Roaming\HTC
2011-08-10 19:09 . 2011-08-10 19:09	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Local\MagicSoftware
2011-08-10 19:09 . 2011-08-10 19:09	--------	d-----w-	c:\programdata\MagicSoftware
2011-08-10 18:51 . 2011-08-10 18:51	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
2011-08-10 18:12 . 2011-08-10 18:12	65024	--sha-r-	c:\windows\system32\mswmdma.dll
2011-08-09 20:17 . 2011-06-06 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 18:41 . 2011-08-09 18:41	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-08-09 18:41 . 2011-08-09 18:41	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-09 18:40 . 2011-08-09 18:40	913296	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-08-09 18:40 . 2011-08-09 18:40	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2011-08-09 18:28 . 2011-08-09 18:28	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-08-09 18:28 . 2011-08-09 18:28	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 08:31 . 2011-08-09 08:31	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 22:26 . 2010-02-12 10:32	293376	----a-w-	c:\windows\system32\browserchoice.exe
2011-08-05 10:48 . 2009-02-24 16:42	116736	----a-w-	c:\windows\system32\drivers\mcdbus.sys
2011-07-21 11:58 . 2011-07-21 11:58	--------	d-----w-	c:\program files\iPod
2011-07-21 11:58 . 2011-07-21 11:59	--------	d-----w-	c:\program files\iTunes
2011-07-21 11:56 . 2011-07-21 11:56	--------	d-----w-	c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 12:47 . 2011-07-13 12:47	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-07-13 12:47 . 2011-07-13 12:47	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-07-13 12:46 . 2011-07-13 12:46	508416	----a-w-	c:\windows\system32\drivers\bthport.sys
2011-07-13 12:46 . 2011-07-13 12:46	30208	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2011-07-12 09:20 . 2011-07-12 09:20	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-05-24 18:14 . 2010-07-25 11:39	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-04-14 16:41 . 2011-05-01 09:55	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-05-09 09:49	176936	----a-w-	c:\program files\Softonic-Eng7\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"googletalk"="c:\users\Matthew.davidp54-PC\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HW_OPENEYE_OUC_MTN Online"="c:\program files\MTN [email protected]\UpdateDog\ouc.exe" [2010-03-16 110592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-01-07 288872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Giovanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Matthew.davidp54-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lujialo]
2011-08-16 08:19	11264	----a-w-	c:\windows\System32\config\systemprofile\AppData\Local\lujialo.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R1 bzvexorj;bzvexorj;c:\windows\system32\drivers\bzvexorj.sys [x]
R1 ghynvvaw;ghynvvaw;c:\windows\system32\drivers\ghynvvaw.sys [x]
R1 MpKsl0d798752;MpKsl0d798752;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F5449B6-E093-4B48-848E-650FCA25E35B}\MpKsl0d798752.sys [x]
R1 MpKsl1beafc06;MpKsl1beafc06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F00CF970-42FB-4166-8B30-9FB3E5965F43}\MpKsl1beafc06.sys [x]
R1 MpKsl61caa5ad;MpKsl61caa5ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D93D0F9-0C86-46FC-A1B7-6EFC5CB35539}\MpKsl61caa5ad.sys [x]
R1 MpKsl685d8af0;MpKsl685d8af0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70D58B47-B6C3-4CC4-9139-4B6B49F75399}\MpKsl685d8af0.sys [x]
R1 MpKsl71ee565a;MpKsl71ee565a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E7A114F-523C-46E8-9CE8-B8D2E1AE05B5}\MpKsl71ee565a.sys [x]
R1 MpKsl8ab4f3a7;MpKsl8ab4f3a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{292A3D70-6242-4E29-A96F-A8F2D56F087D}\MpKsl8ab4f3a7.sys [x]
R1 MpKsl8c564650;MpKsl8c564650;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32D6E33A-D96F-4B28-A931-D4C81AA2FFE9}\MpKsl8c564650.sys [x]
R1 MpKsl8e6bfa64;MpKsl8e6bfa64;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40D6A1A1-3D0A-46D3-A1FB-6A7A48032C0D}\MpKsl8e6bfa64.sys [x]
R1 MpKslbdcd0a7c;MpKslbdcd0a7c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D94AAEF6-1062-4854-97F9-029849C26B87}\MpKslbdcd0a7c.sys [x]
R1 MpKslc4771124;MpKslc4771124;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA1C585E-ABCA-4ACB-A94B-CC7C708204A5}\MpKslc4771124.sys [x]
R1 MpKslc5ca38be;MpKslc5ca38be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKslc5ca38be.sys [x]
R1 MpKsldbdb1bde;MpKsldbdb1bde;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKsldbdb1bde.sys [x]
R1 MpKsldd116bb1;MpKsldd116bb1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKsldd116bb1.sys [x]
R1 MpKsle1a2c4fa;MpKsle1a2c4fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98497323-F18C-4231-831C-1493AEB3666A}\MpKsle1a2c4fa.sys [x]
R1 MpKslecb33c4a;MpKslecb33c4a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E7A114F-523C-46E8-9CE8-B8D2E1AE05B5}\MpKslecb33c4a.sys [x]
R2 AMService;AMService;c:\windows\TEMP\xnbcyf\setup.exe run [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9cca6668a0886;Google Update Service (gupdate1c9cca6668a0886);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2004-10-06 283904]
R3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2004-10-04 43392]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-05-12 21744]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
S1 MpKslde8079e3;MpKslde8079e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A0B8F6A-B5C9-46D0-9312-3A3C884AEA2A}\MpKslde8079e3.sys [2011-08-18 28752]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 72832]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLDE8079E3
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ BthServ
WindowsMobile	REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ WcesComm RapiMgr
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
HPService	REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 10:52]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 10:52]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1000Core.job
- c:\users\davidp54\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 08:17]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1000UA.job
- c:\users\davidp54\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 08:17]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1003Core.job
- c:\users\Matthew.davidp54-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-20 05:51]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1003UA.job
- c:\users\Matthew.davidp54-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-20 05:51]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1005Core.job
- c:\users\Giovanna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-12 14:17]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1005UA.job
- c:\users\Giovanna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-12 14:17]
.
2011-08-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-08-18 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
FF - ProfilePath - 
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-18 22:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2226694355-1947302505-974820688-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2011-08-18 22:55:43
ComboFix-quarantined-files.txt 2011-08-18 21:55
ComboFix2.txt 2011-08-15 23:35
ComboFix3.txt 2011-08-15 09:17
ComboFix4.txt 2011-08-14 22:12
.
Pre-Run: 70*805*291*008 bytes free
Post-Run: 71*183*282*176 bytes free
.
- - End Of File - - AFE0E9C9A8DDF2B01BF0B332EF302BE2


----------



## theFAst0ne (Apr 16, 2009)

Just did a quick scan with MSE; it found nothing.


----------



## kevinf80 (Mar 21, 2006)

Thanks for the new logs and feedback; there is still malware present on your system. However, without the protection of the rootkit which we nailed with TDSSKiller we should be able to finish it off.

Continue as follows please :-

*Step 1*

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
KillAll::
DirLook::
c:\users\davidp54\AppData\Local\Amazon
c:\users\davidp54\AppData\Roaming\Isgauhg
c:\users\davidp54\AppData\Roaming\Ukreiqe
c:\users\Matthew.davidp54-PC\AppData\Roaming\Exolgey
c:\users\Matthew.davidp54-PC\AppData\Roaming\Apzy
c:\windows\Sun
File::
C:\axtcqkod.sys
c:\windows\system32\mswmdma.dll
c:\windows\system32\ConduitEngine.tmp
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xuicem.exe
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\piluob.exe
c:\windows\system32\drivers\bzvexorj.sys
c:\windows\system32\drivers\ghynvvaw.sys
Driver::
bzvexorj
ghynvvaw
```
Save this as *CFScript.txt*, and as Type: *All Files* *(*.*)*, in the same location as ComboFix.exe.

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

*Step 2*

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*

1. Click the button.
2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   Click on to download the ESET Smart Installer. *Save* it to your desktop.
   Double click on the icon on your desktop.
3. Check
4. Click the button.
5. Accept any security warnings from your browser.
6. Check
7. *Leave the tick out of remove found threats*
8. Push the *Start* button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push
11. Push, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the button.
13. Push

You can refer to *this animation* by *neomage* if needed.
Frequently asked questions are available *Here*. *Please read them before running the scan.*

Also be aware this scan can take between one and several hours to complete depending on the size of your system.

The ESET log can be found here: *"C:\Program Files\ESET\EsetOnlineScanner\log.txt"*

*Step 3*

Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alternative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

1. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
2. If an update is found, it will download and install the latest version.
3. Once the program has loaded, select "Perform Quick Scan", then click Scan.
4. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
8. Please save the log to a location you will remember.
9. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
10. Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see those three logs in your next reply, also give an update on any remaining issues or concerns....

Kevin
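
The CFScript from Step 1 and the ComboFix.txt it produces can be cross-checked mechanically rather than by eye. The Python below is an added example, not code from this thread or from ComboFix's authors: it parses the CFScript directives (KillAll::, DirLook::, File::, Driver::) and the log's FILE :: echo, Service_ deletion lines, winlogon\notify keys and R/S service lines, then reports which File:: and Driver:: targets the log confirms and which load points still warrant review. The sample script and log are constructed from this thread's own lines (abridged); the temp-directory and winlogon\notify heuristics, and treating CFcatchme as ComboFix's own driver to allow-list, are the example's assumptions.

```python
import re

# Constructed from the thread's CFScript above (abridged).
SAMPLE_CFSCRIPT = r"""
KillAll::
File::
C:\axtcqkod.sys
c:\windows\system32\mswmdma.dll
Driver::
bzvexorj
ghynvvaw
"""

# Constructed from lines of the thread's follow-up ComboFix log (abridged).
SAMPLE_LOG = r"""
FILE ::
"C:\axtcqkod.sys"
"c:\windows\system32\mswmdma.dll"
.
-------\Service_bzvexorj
.
2011-08-17 09:40 . 2011-08-19 08:04    100864    ----a-w-    C:\axtcqkod.sys
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lujialo]
2011-08-16 08:19    11264    ----a-w-    c:\windows\System32\config\systemprofile\AppData\Local\lujialo.dll
.
R2 AMService;AMService;c:\windows\TEMP\xnbcyf\setup.exe run [x]
R2 gupdate1c9cca6668a0886;Google Update Service (gupdate1c9cca6668a0886);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 CFcatchme;CFcatchme;c:\users\MATTHE~1.DAV\AppData\Local\Temp\CFcatchme.sys [x]
"""

# Service line: "R2 name;display;path [date size]", or "[x]" when the image file is missing.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[(x|\d{4}-\d{2}-\d{2} \d+)\]$")
NOTIFY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
                       r"\\winlogon\\notify\\([^\]]+)\]$", re.IGNORECASE)
DELETED_SERVICE_RE = re.compile(r"^-------\\Service_(\S+)$")

def parse_cfscript(text):
    """Return {directive: [arguments]}; a directive is a line ending in '::'."""
    sections, current = {}, None
    for line in (s.strip() for s in text.splitlines()):
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def parse_log(text):
    """Pull the FILE :: echo, Service_ deletions, winlogon\\notify keys and service lines."""
    lines = text.splitlines()
    log = {"echoed_files": [], "deleted_services": [], "notify": [], "services": []}
    in_echo = False
    for i, raw in enumerate(lines):
        line = raw.strip()
        if line == "FILE ::":
            in_echo = True
            continue
        if in_echo and len(line) > 1 and line[0] == line[-1] == '"':
            log["echoed_files"].append(line.strip('"'))
            continue
        in_echo = False
        if m := DELETED_SERVICE_RE.match(line):
            log["deleted_services"].append(m.group(1))
        elif m := NOTIFY_RE.match(line):
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            pm = re.search(r"([A-Za-z]:\\\S.*)$", nxt)  # the DLL path sits on the next line
            log["notify"].append((m.group(1), (pm.group(1) if pm else nxt).strip()))
        elif m := SERVICE_RE.match(line):
            log["services"].append({"name": m.group(2), "path": m.group(4), "missing": m.group(5) == "x"})
    return log

def check_script_applied(script, log_text):
    """Was each File:: target echoed, and is it still listed later in the log?  The FILE ::
    block only repeats the request, so a path seen again afterwards survived the run.
    Was a Service_<name> deletion line written for each Driver:: target?"""
    log, lowered = parse_log(log_text), log_text.lower()
    echoed = {p.lower() for p in log["echoed_files"]}
    deleted = {d.lower() for d in log["deleted_services"]}
    files = {path: {"echoed": path.lower() in echoed,
                    "still_listed": lowered.count(path.lower()) > int(path.lower() in echoed)}
             for path in script.get("File", [])}
    drivers = {name: name.lower() in deleted for name in script.get("Driver", [])}
    return {"files": files, "drivers": drivers}

def flag_persistence(log, allow=frozenset({"cfcatchme"})):
    """(reason, name, path) for load points to review first.  Heuristics are this example's
    own: a service image under a Temp directory, and any winlogon\\notify package.
    ComboFix's own catchme driver (CFcatchme) runs from Temp, so it is allow-listed."""
    flags = [("service runs from a temp directory", s["name"], s["path"])
             for s in log["services"]
             if s["name"].lower() not in allow and "\\temp\\" in s["path"].lower()]
    flags += [("winlogon notify package", name, path) for name, path in log["notify"]]
    return flags

if __name__ == "__main__":
    print(check_script_applied(parse_cfscript(SAMPLE_CFSCRIPT), SAMPLE_LOG))
    for reason, name, path in flag_persistence(parse_log(SAMPLE_LOG)):
        print(f"REVIEW {name}: {reason} ({path})")
```

On the sample data the run reports axtcqkod.sys as echoed but still listed and ghynvvaw without a deletion line, and flags the Temp-resident AMService and the lujialo notify package, which is the kind of leftover a helper looks for before writing the next script.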


----------



## theFAst0ne (Apr 16, 2009)

Combofix:

ComboFix 11-08-18.02 - Matthew 2011/08/19 9:05.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.27.1033.18.2045.1028 [GMT 1:00]
Running from: c:\users\Matthew.davidp54-PC\Desktop\ComboFix.exe
Command switches used :: c:\users\Matthew.davidp54-PC\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\axtcqkod.sys"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xuicem.exe"
"c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\piluob.exe"
"c:\windows\system32\ConduitEngine.tmp"
"c:\windows\system32\drivers\bzvexorj.sys"
"c:\windows\system32\drivers\ghynvvaw.sys"
"c:\windows\system32\mswmdma.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bzvexorj
-------\Service_ghynvvaw
.
.
((((((((((((((((((((((((( Files Created from 2011-07-19 to 2011-08-19 )))))))))))))))))))))))))))))))
.
.
2011-08-19 08:20 . 2011-08-19 08:23	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Local\temp
2011-08-19 08:20 . 2011-08-19 08:20	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2011-08-19 08:20 . 2011-08-19 08:20	--------	d-----w-	c:\users\Giovanna\AppData\Local\temp
2011-08-19 08:20 . 2011-08-19 08:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-08-19 08:20 . 2011-08-19 08:20	--------	d-----w-	c:\users\davidp54\AppData\Local\temp
2011-08-19 07:57 . 2011-08-19 07:57	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50F7C5B7-ADBC-4614-9098-88FF02447AE7}\MpKsle548b406.sys
2011-08-18 22:01 . 2011-08-12 02:44	7152464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50F7C5B7-ADBC-4614-9098-88FF02447AE7}\mpengine.dll
2011-08-18 09:31 . 2011-08-18 09:31	--------	d-----w-	c:\users\Default\AppData\Roaming\Apple Computer
2011-08-18 09:31 . 2011-08-18 09:31	--------	d-----w-	c:\users\Default\AppData\Local\Apple Computer
2011-08-17 21:48 . 2008-10-17 13:55	321536	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll
2011-08-17 21:32 . 2008-10-17 10:45	118272	----a-w-	c:\windows\system32\hpz3l696.dll
2011-08-17 21:29 . 2009-03-03 18:12	261432	----a-w-	c:\windows\system32\hpzids01.dll
2011-08-17 21:29 . 2008-10-29 00:31	372736	----a-w-	c:\windows\system32\hppldcoi.dll
2011-08-17 21:29 . 2008-10-29 23:44	737280	----a-w-	c:\windows\system32\hposwia_p02a.dll
2011-08-17 21:29 . 2008-10-10 09:10	966656	----a-w-	c:\windows\system32\hpost_p02a.dll
2011-08-17 21:29 . 2008-10-10 09:10	307200	----a-w-	c:\windows\system32\hposc_p02a.dll
2011-08-17 21:29 . 2008-10-29 00:31	309760	----a-w-	c:\windows\system32\difxapi.dll
2011-08-17 20:32 . 2011-08-17 20:32	--------	d-----w-	c:\users\davidp54\AppData\Local\Amazon
2011-08-17 19:58 . 2011-08-18 09:11	--------	d-----w-	c:\users\davidp54\AppData\Roaming\Isgauhg
2011-08-17 19:58 . 2011-08-17 20:09	--------	d-----w-	c:\users\davidp54\AppData\Roaming\Ukreiqe
2011-08-17 09:40 . 2011-08-19 08:04	100864	----a-w-	C:\axtcqkod.sys
2011-08-17 08:24 . 2011-08-12 02:44	7152464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-16 20:50 . 2011-08-16 20:50	--------	d-----w-	c:\windows\Sun
2011-08-16 19:00 . 2011-08-16 21:07	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Roaming\Exolgey
2011-08-16 19:00 . 2011-08-18 08:59	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Roaming\Apzy
2011-08-16 08:19 . 2011-08-16 08:19	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73E4734C-2E90-456C-9F39-D8A589931161}\gapaengine.dll
2011-08-16 08:15 . 2011-07-20 08:44	6881616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C0EB1E1-EA0E-47BC-8FE3-E326D04DEEEC}\mpengine.dll
2011-08-16 08:15 . 2011-08-16 08:15	--------	d-----w-	c:\program files\Microsoft Security Client
2011-08-14 22:32 . 2011-08-14 22:32	--------	d--h--w-	c:\programdata\Common Files
2011-08-14 22:21 . 2011-08-15 08:19	--------	d-----w-	c:\programdata\MFAData
2011-08-14 09:11 . 2011-08-14 09:12	--------	d-----w-	C:\3af0a8e7e6fc3b274e9061
2011-08-13 22:58 . 2011-08-13 22:58	388096	----a-r-	c:\users\Matthew.davidp54-PC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-13 22:58 . 2011-08-13 22:58	--------	d-----w-	c:\program files\Trend Micro
2011-08-13 22:41 . 2011-08-13 23:33	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-08-13 22:41 . 2011-08-13 22:42	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-08-12 14:17 . 2011-08-12 14:17	--------	d-----w-	c:\users\Giovanna\AppData\Local\Apps
2011-08-12 14:17 . 2011-08-12 14:17	--------	d-----w-	c:\users\Giovanna\AppData\Local\Deployment
2011-08-12 14:10 . 2011-08-12 14:11	--------	d-----w-	c:\users\Giovanna\AppData\Roaming\HTC
2011-08-10 19:09 . 2011-08-10 19:09	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Local\MagicSoftware
2011-08-10 19:09 . 2011-08-10 19:09	--------	d-----w-	c:\programdata\MagicSoftware
2011-08-10 18:51 . 2011-08-10 18:51	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
2011-08-10 18:12 . 2011-08-10 18:12	65024	--sha-r-	c:\windows\system32\mswmdma.dll
2011-08-09 20:17 . 2011-06-06 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 18:41 . 2011-08-09 18:41	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-08-09 18:41 . 2011-08-09 18:41	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-09 18:40 . 2011-08-09 18:40	913296	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-08-09 18:40 . 2011-08-09 18:40	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2011-08-09 18:28 . 2011-08-09 18:28	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-08-09 18:28 . 2011-08-09 18:28	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 08:31 . 2011-08-09 08:31	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 22:26 . 2010-02-12 10:32	293376	----a-w-	c:\windows\system32\browserchoice.exe
2011-08-05 10:48 . 2009-02-24 16:42	116736	----a-w-	c:\windows\system32\drivers\mcdbus.sys
2011-07-21 11:58 . 2011-07-21 11:58	--------	d-----w-	c:\program files\iPod
2011-07-21 11:58 . 2011-07-21 11:59	--------	d-----w-	c:\program files\iTunes
2011-07-21 11:56 . 2011-07-21 11:56	--------	d-----w-	c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 12:47 . 2011-07-13 12:47	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-07-13 12:47 . 2011-07-13 12:47	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-07-13 12:46 . 2011-07-13 12:46	508416	----a-w-	c:\windows\system32\drivers\bthport.sys
2011-07-13 12:46 . 2011-07-13 12:46	30208	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2011-07-12 09:20 . 2011-07-12 09:20	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-05-24 18:14 . 2010-07-25 11:39	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-04-14 16:41 . 2011-05-01 09:55	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\davidp54\AppData\Local\Amazon ----
.
2011-08-17 20:51 . 2011-08-17 20:51	3029	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\Cache\MetricsManager.txt
2011-08-17 20:51 . 2011-08-17 20:51	59	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\Cache\AnnotationCache.xml
2011-08-17 20:51 . 2011-08-17 20:51	1727	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\Cache\KindleSyncMetadataCache.xml
2011-08-17 20:36 . 2011-08-17 20:36	0	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\Cache\book_temp_dl\B003ODIZL6_EBOK.azw.ebookdownloading
2011-08-17 20:32 . 2011-08-17 20:32	226832	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\Cache\covers\B58B6C27B9BBE5E15038FDA9BC5AEB71.jpg
2011-08-17 20:32 . 2011-08-17 20:32	496769	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\Cache\covers\33F0D060AFB78AC9507E647A8E72CFF6.jpg
2011-08-17 20:32 . 2011-08-17 20:32	368188	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\Cache\covers\D7CAEE70E5727B757FEC76CBFC3AC093.jpg
2011-08-17 20:32 . 2011-08-17 20:32	17408	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\webkit\WebpageIcons.db
2011-08-17 20:32 . 2011-08-17 20:32	12288	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\Cache\db\sockeye.dat
2011-08-17 20:32 . 2011-08-17 20:32	12288	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\Cache\db\steelhead.dat
2011-08-17 20:32 . 2011-08-17 20:32	2317	----a-r-	c:\users\davidp54\AppData\Local\Amazon\Kindle\style\reflow.tss
2011-08-17 20:32 . 2011-08-17 20:51	12373	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\storage\rainier.2.1.1.kinf
2011-08-17 20:32 . 2011-08-17 20:32	190480	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\uninstall.exe
2011-07-19 22:16 . 2011-07-19 22:16	14943848	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\icudt44.dll
2011-07-19 22:16 . 2011-07-19 22:16	1156200	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\icuuc44.dll
2011-07-19 22:16 . 2011-07-19 22:16	10676840	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\QtWebkit4.dll
2011-07-19 22:16 . 2011-07-19 22:16	343144	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\QtXml4.dll
2011-07-19 22:16 . 2011-07-19 22:16	173672	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\plugins\accessible\qtaccessiblewidgets4.dll
2011-07-19 22:16 . 2011-07-19 22:16	29800	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\plugins\imageformats\qgif4.dll
2011-07-19 22:16 . 2011-07-19 22:16	199272	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\plugins\imageformats\qjpeg4.dll
2011-07-19 22:16 . 2011-07-19 22:16	2241640	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\QtCore4.dll
2011-07-19 22:16 . 2011-07-19 22:16	7947368	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\QtGui4.dll
2011-07-19 22:16 . 2011-07-19 22:16	894568	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\QtNetwork4.dll
2011-07-19 22:16 . 2011-07-19 22:16	1291368	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\QtScript4.dll
2011-07-19 22:16 . 2011-07-19 22:16	586344	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\QtSql4.dll
2011-07-19 22:16 . 2011-07-19 22:16	11666024	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\Kindle.exe
2011-07-19 22:16 . 2011-07-19 22:16	424517	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\langmap
2011-06-28 19:01 . 2011-06-28 19:01	66916	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\acw\bookextras.acx
2011-06-28 19:01 . 2011-06-28 19:01	13867	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\acw\corrections.acx
2011-06-28 19:01 . 2011-06-28 19:01	5353	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\acw\websearch.acx
2011-06-28 19:01 . 2011-06-28 19:01	14520	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\acw\wikipedia.acx
2011-05-27 03:01 . 2011-05-27 03:01	95351	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\KindleBook.ico
2011-05-27 03:01 . 2011-05-27 03:01	109950	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\KindleMagazine.ico
2011-05-27 03:01 . 2011-05-27 03:01	102838	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\KindleNewspaper.ico
2011-05-27 03:01 . 2011-05-27 03:01	1020520	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\libeay32.dll
2011-05-27 03:01 . 2011-05-27 03:01	203880	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\ssleay32.dll
2011-05-27 03:01 . 2011-05-27 03:01	513	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\content\Aesops-Fables.apnx
2011-05-27 03:01 . 2011-05-27 03:01	381732	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\content\Aesops-Fables.azw
2011-05-27 03:01 . 2011-05-27 03:01	953	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\content\Pride-and-Prejudice.apnx
2011-05-27 03:01 . 2011-05-27 03:01	869362	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\content\Pride-and-Prejudice.azw
2011-05-27 03:01 . 2011-05-27 03:01	628	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\content\Treasure-Island.apnx
2011-05-27 03:01 . 2011-05-27 03:01	633435	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\content\Treasure-Island.azw
2011-05-27 03:01 . 2011-05-27 03:01	1852	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
2011-05-27 03:01 . 2011-05-27 03:01	224768	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\Microsoft.VC90.CRT\msvcm90.dll
2011-05-27 03:01 . 2011-05-27 03:01	568832	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\Microsoft.VC90.CRT\msvcp90.dll
2011-05-27 03:01 . 2011-05-27 03:01	655872	----a-w-	c:\users\davidp54\AppData\Local\Amazon\Kindle\application\Microsoft.VC90.CRT\msvcr90.dll
.
---- Directory of c:\users\davidp54\AppData\Roaming\Isgauhg ----
.
.
---- Directory of c:\users\davidp54\AppData\Roaming\Ukreiqe ----
.
.
---- Directory of c:\users\Matthew.davidp54-PC\AppData\Roaming\Apzy ----
.
.
---- Directory of c:\users\Matthew.davidp54-PC\AppData\Roaming\Exolgey ----
.
.
---- Directory of c:\windows\Sun ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-05-09 09:49	176936	----a-w-	c:\program files\Softonic-Eng7\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"googletalk"="c:\users\Matthew.davidp54-PC\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HW_OPENEYE_OUC_MTN Online"="c:\program files\MTN [email protected]\UpdateDog\ouc.exe" [2010-03-16 110592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-01-07 288872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Giovanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Matthew.davidp54-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lujialo]
2011-08-16 08:19	11264	----a-w-	c:\windows\System32\config\systemprofile\AppData\Local\lujialo.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R1 MpKsl0d798752;MpKsl0d798752;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F5449B6-E093-4B48-848E-650FCA25E35B}\MpKsl0d798752.sys [x]
R1 MpKsl1beafc06;MpKsl1beafc06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F00CF970-42FB-4166-8B30-9FB3E5965F43}\MpKsl1beafc06.sys [x]
R1 MpKsl589894f4;MpKsl589894f4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50F7C5B7-ADBC-4614-9098-88FF02447AE7}\MpKsl589894f4.sys [x]
R1 MpKsl61caa5ad;MpKsl61caa5ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D93D0F9-0C86-46FC-A1B7-6EFC5CB35539}\MpKsl61caa5ad.sys [x]
R1 MpKsl685d8af0;MpKsl685d8af0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70D58B47-B6C3-4CC4-9139-4B6B49F75399}\MpKsl685d8af0.sys [x]
R1 MpKsl71ee565a;MpKsl71ee565a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E7A114F-523C-46E8-9CE8-B8D2E1AE05B5}\MpKsl71ee565a.sys [x]
R1 MpKsl8ab4f3a7;MpKsl8ab4f3a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{292A3D70-6242-4E29-A96F-A8F2D56F087D}\MpKsl8ab4f3a7.sys [x]
R1 MpKsl8c564650;MpKsl8c564650;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32D6E33A-D96F-4B28-A931-D4C81AA2FFE9}\MpKsl8c564650.sys [x]
R1 MpKsl8e6bfa64;MpKsl8e6bfa64;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40D6A1A1-3D0A-46D3-A1FB-6A7A48032C0D}\MpKsl8e6bfa64.sys [x]
R1 MpKslbdcd0a7c;MpKslbdcd0a7c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D94AAEF6-1062-4854-97F9-029849C26B87}\MpKslbdcd0a7c.sys [x]
R1 MpKslc4771124;MpKslc4771124;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA1C585E-ABCA-4ACB-A94B-CC7C708204A5}\MpKslc4771124.sys [x]
R1 MpKslc5ca38be;MpKslc5ca38be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKslc5ca38be.sys [x]
R1 MpKsldbdb1bde;MpKsldbdb1bde;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKsldbdb1bde.sys [x]
R1 MpKsldd116bb1;MpKsldd116bb1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKsldd116bb1.sys [x]
R1 MpKslde8079e3;MpKslde8079e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A0B8F6A-B5C9-46D0-9312-3A3C884AEA2A}\MpKslde8079e3.sys [x]
R1 MpKsle1a2c4fa;MpKsle1a2c4fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98497323-F18C-4231-831C-1493AEB3666A}\MpKsle1a2c4fa.sys [x]
R1 MpKslecb33c4a;MpKslecb33c4a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E7A114F-523C-46E8-9CE8-B8D2E1AE05B5}\MpKslecb33c4a.sys [x]
R2 AMService;AMService;c:\windows\TEMP\xnbcyf\setup.exe run [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9cca6668a0886;Google Update Service (gupdate1c9cca6668a0886);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2004-10-06 283904]
R3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2004-10-04 43392]
R3 CFcatchme;CFcatchme;c:\users\MATTHE~1.DAV\AppData\Local\Temp\CFcatchme.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-05-12 21744]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
S1 MpKsle548b406;MpKsle548b406;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50F7C5B7-ADBC-4614-9098-88FF02447AE7}\MpKsle548b406.sys [2011-08-19 28752]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 72832]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ BthServ
WindowsMobile	REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ WcesComm RapiMgr
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
HPService	REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 10:52]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 10:52]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1000Core.job
- c:\users\davidp54\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 08:17]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1000UA.job
- c:\users\davidp54\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 08:17]
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1003Core.job
- c:\users\Matthew.davidp54-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-20 05:51]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1003UA.job
- c:\users\Matthew.davidp54-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-20 05:51]
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1005Core.job
- c:\users\Giovanna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-12 14:17]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1005UA.job
- c:\users\Giovanna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-12 14:17]
.
2011-08-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-08-18 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
FF - ProfilePath - 
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-19 09:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2226694355-1947302505-974820688-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\ehome\ehmsas.exe
c:\users\Matthew.davidp54-PC\AppData\Roaming\MTN Online\ouc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-08-19 09:31:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-19 08:31
ComboFix2.txt 2011-08-18 21:55
ComboFix3.txt 2011-08-15 23:35
ComboFix4.txt 2011-08-15 09:17
ComboFix5.txt 2011-08-19 08:02
.
Pre-Run: 70*710*513*664 bytes free
Post-Run: 70*744*584*192 bytes free
.
- - End Of File - - 6FC60AE0A7E3CF78B06B70577BB96431

ESET:

C:\Program Files\Application Updater\ApplicationUpdater.exe	probably a variant of Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\[4]-Submit_2011-08-19_09.04.16.zip	a variant of Win32/Kryptik.RTV trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe.vir	a variant of Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.vir	a variant of Win32/Adware.Toolbar.Dealio application
C:\Qoobox\Quarantine\C\Program Files\IObit Toolbar\IE\4.5\iobitToolbarIE.dll.vir	a variant of Win32/Adware.Toolbar.Dealio application

Malwarebytes:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7512

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

2011/08/19 21:33:37
mbam-log-2011-08-19 (21-33-37).txt

Scan type: Quick scan
Objects scanned: 222169
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## kevinf80 (Mar 21, 2006)

There is still a lot of bad stuff on your system, OK do the following :-

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
KillAll::
Rootkit::
C:\axtcqkod.sys
File::
c:\windows\System32\config\systemprofile\AppData\Local\lujialo.dll
c:\windows\system32\ConduitEngine.tmp
c:\windows\system32\mswmdma.dll
Folder::
c:\users\davidp54\AppData\Roaming\Isgauhg
c:\users\davidp54\AppData\Roaming\Ukreiqe
c:\windows\Sun
c:\users\Matthew.davidp54-PC\AppData\Roaming\Exolgey
c:\users\Matthew.davidp54-PC\AppData\Roaming\Apzy
C:\Program Files\Application Updater
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lujialo]
```
Save this as *CFScript.txt*, and as Type: *All Files* *(*.*)* in the same location as ComboFix.exe

(image: CFScript.txt being dragged onto ComboFix.exe)

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

Kevin


----------



## theFAst0ne (Apr 16, 2009)

ComboFix 11-08-24.02 - Matthew 2011/08/24 12:17:17.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.27.1033.18.2045.976 [GMT 1:00]
Running from: c:\users\Matthew.davidp54-PC\Desktop\ComboFix.exe
Command switches used :: c:\users\Matthew.davidp54-PC\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\ConduitEngine.tmp"
"c:\windows\System32\config\systemprofile\AppData\Local\lujialo.dll"
"c:\windows\system32\mswmdma.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Application Updater
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\Application Updater\config.ini
c:\users\davidp54\AppData\Roaming\Isgauhg
c:\users\davidp54\AppData\Roaming\Ukreiqe
c:\users\Matthew.davidp54-PC\AppData\Roaming\Apzy
c:\users\Matthew.davidp54-PC\AppData\Roaming\Exolgey
c:\windows\Sun
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Application Updater
-------\Service_Application Updater
.
.
((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))
.
.
2011-08-24 11:33 . 2011-08-24 11:36	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Local\temp
2011-08-24 11:33 . 2011-08-24 11:33	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2011-08-24 11:33 . 2011-08-24 11:33	--------	d-----w-	c:\users\Giovanna\AppData\Local\temp
2011-08-24 11:33 . 2011-08-24 11:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-08-24 11:33 . 2011-08-24 11:33	--------	d-----w-	c:\users\davidp54\AppData\Local\temp
2011-08-24 11:07 . 2011-08-24 11:07	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{447922CD-1A0A-4B3D-8A04-AD7E15ADF320}\MpKsl32762f98.sys
2011-08-21 10:29 . 2011-08-12 02:44	7152464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{447922CD-1A0A-4B3D-8A04-AD7E15ADF320}\mpengine.dll
2011-08-20 18:55 . 2011-08-20 18:55	--------	d-----w-	c:\program files\IObit Toolbar
2011-08-20 18:55 . 2011-08-20 18:55	--------	d-----w-	c:\program files\Common Files\Spigot
2011-08-19 20:26 . 2011-08-19 20:26	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Roaming\Malwarebytes
2011-08-19 20:26 . 2011-07-06 18:52	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-19 20:26 . 2011-08-19 20:26	--------	d-----w-	c:\programdata\Malwarebytes
2011-08-19 20:26 . 2011-07-06 18:52	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-19 20:26 . 2011-08-19 20:26	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-08-18 09:31 . 2011-08-18 09:31	--------	d-----w-	c:\users\Default\AppData\Roaming\Apple Computer
2011-08-18 09:31 . 2011-08-18 09:31	--------	d-----w-	c:\users\Default\AppData\Local\Apple Computer
2011-08-17 21:48 . 2008-10-17 13:55	321536	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\hpzpp696.dll
2011-08-17 21:32 . 2008-10-17 10:45	118272	----a-w-	c:\windows\system32\hpz3l696.dll
2011-08-17 21:29 . 2009-03-03 18:12	261432	----a-w-	c:\windows\system32\hpzids01.dll
2011-08-17 21:29 . 2008-10-29 00:31	372736	----a-w-	c:\windows\system32\hppldcoi.dll
2011-08-17 21:29 . 2008-10-29 23:44	737280	----a-w-	c:\windows\system32\hposwia_p02a.dll
2011-08-17 21:29 . 2008-10-10 09:10	966656	----a-w-	c:\windows\system32\hpost_p02a.dll
2011-08-17 21:29 . 2008-10-10 09:10	307200	----a-w-	c:\windows\system32\hposc_p02a.dll
2011-08-17 21:29 . 2008-10-29 00:31	309760	----a-w-	c:\windows\system32\difxapi.dll
2011-08-17 20:32 . 2011-08-17 20:32	--------	d-----w-	c:\users\davidp54\AppData\Local\Amazon
2011-08-17 08:24 . 2011-08-12 02:44	7152464	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-16 08:19 . 2011-08-16 08:19	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{73E4734C-2E90-456C-9F39-D8A589931161}\gapaengine.dll
2011-08-16 08:15 . 2011-07-20 08:44	6881616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C0EB1E1-EA0E-47BC-8FE3-E326D04DEEEC}\mpengine.dll
2011-08-16 08:15 . 2011-08-16 08:15	--------	d-----w-	c:\program files\Microsoft Security Client
2011-08-14 22:32 . 2011-08-14 22:32	--------	d--h--w-	c:\programdata\Common Files
2011-08-14 22:21 . 2011-08-15 08:19	--------	d-----w-	c:\programdata\MFAData
2011-08-14 09:11 . 2011-08-14 09:12	--------	d-----w-	C:\3af0a8e7e6fc3b274e9061
2011-08-13 22:58 . 2011-08-13 22:58	388096	----a-r-	c:\users\Matthew.davidp54-PC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-13 22:58 . 2011-08-13 22:58	--------	d-----w-	c:\program files\Trend Micro
2011-08-13 22:41 . 2011-08-13 23:33	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-08-13 22:41 . 2011-08-13 22:42	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-08-12 14:17 . 2011-08-12 14:17	--------	d-----w-	c:\users\Giovanna\AppData\Local\Apps
2011-08-12 14:17 . 2011-08-12 14:17	--------	d-----w-	c:\users\Giovanna\AppData\Local\Deployment
2011-08-12 14:10 . 2011-08-12 14:11	--------	d-----w-	c:\users\Giovanna\AppData\Roaming\HTC
2011-08-10 19:09 . 2011-08-10 19:09	--------	d-----w-	c:\users\Matthew.davidp54-PC\AppData\Local\MagicSoftware
2011-08-10 19:09 . 2011-08-10 19:09	--------	d-----w-	c:\programdata\MagicSoftware
2011-08-10 18:51 . 2011-08-10 18:51	0	----a-w-	c:\windows\system32\ConduitEngine.tmp
2011-08-09 20:17 . 2011-06-06 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 18:40 . 2011-08-09 18:40	913296	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-08-09 18:40 . 2011-08-09 18:40	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2011-08-09 18:28 . 2011-08-09 18:28	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 18:27 . 2011-08-09 18:27	194048	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2011-08-09 18:27 . 2011-08-09 18:27	141104	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2011-08-09 18:27 . 2011-08-09 18:27	1797632	----a-w-	c:\windows\system32\jscript9.dll
2011-08-09 08:31 . 2011-08-09 08:31	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 22:26 . 2010-02-12 10:32	293376	----a-w-	c:\windows\system32\browserchoice.exe
2011-08-05 10:48 . 2009-02-24 16:42	116736	----a-w-	c:\windows\system32\drivers\mcdbus.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-09 18:41 . 2011-08-09 18:41	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-08-09 18:41 . 2011-08-09 18:41	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-09 18:28 . 2011-08-09 18:28	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-08-09 18:27 . 2011-08-09 18:27	1126912	----a-w-	c:\windows\system32\wininet.dll
2011-08-09 18:27 . 2011-08-09 18:27	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-13 12:47 . 2011-07-13 12:47	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-07-13 12:47 . 2011-07-13 12:47	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-07-13 12:46 . 2011-07-13 12:46	508416	----a-w-	c:\windows\system32\drivers\bthport.sys
2011-07-13 12:46 . 2011-07-13 12:46	30208	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2011-07-12 09:20 . 2011-07-12 09:20	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-04-14 16:41 . 2011-05-01 09:55	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2011-05-09 09:49	176936	----a-w-	c:\program files\Softonic-Eng7\prxtbSof2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\prxtbSof2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"googletalk"="c:\users\Matthew.davidp54-PC\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HW_OPENEYE_OUC_MTN Online"="c:\program files\MTN [email protected]\UpdateDog\ouc.exe" [2010-03-16 110592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-01-07 288872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-08-17 534880]
.
c:\users\Giovanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Matthew.davidp54-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R1 MpKsl0d798752;MpKsl0d798752;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F5449B6-E093-4B48-848E-650FCA25E35B}\MpKsl0d798752.sys [x]
R1 MpKsl1beafc06;MpKsl1beafc06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F00CF970-42FB-4166-8B30-9FB3E5965F43}\MpKsl1beafc06.sys [x]
R1 MpKsl321d6f4c;MpKsl321d6f4c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B1492AF-855A-4992-8012-340669B9320E}\MpKsl321d6f4c.sys [x]
R1 MpKsl589894f4;MpKsl589894f4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50F7C5B7-ADBC-4614-9098-88FF02447AE7}\MpKsl589894f4.sys [x]
R1 MpKsl61caa5ad;MpKsl61caa5ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D93D0F9-0C86-46FC-A1B7-6EFC5CB35539}\MpKsl61caa5ad.sys [x]
R1 MpKsl685d8af0;MpKsl685d8af0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70D58B47-B6C3-4CC4-9139-4B6B49F75399}\MpKsl685d8af0.sys [x]
R1 MpKsl71ee565a;MpKsl71ee565a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E7A114F-523C-46E8-9CE8-B8D2E1AE05B5}\MpKsl71ee565a.sys [x]
R1 MpKsl8ab4f3a7;MpKsl8ab4f3a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{292A3D70-6242-4E29-A96F-A8F2D56F087D}\MpKsl8ab4f3a7.sys [x]
R1 MpKsl8c224526;MpKsl8c224526;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B1492AF-855A-4992-8012-340669B9320E}\MpKsl8c224526.sys [x]
R1 MpKsl8c564650;MpKsl8c564650;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32D6E33A-D96F-4B28-A931-D4C81AA2FFE9}\MpKsl8c564650.sys [x]
R1 MpKsl8e6bfa64;MpKsl8e6bfa64;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40D6A1A1-3D0A-46D3-A1FB-6A7A48032C0D}\MpKsl8e6bfa64.sys [x]
R1 MpKslbdcd0a7c;MpKslbdcd0a7c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D94AAEF6-1062-4854-97F9-029849C26B87}\MpKslbdcd0a7c.sys [x]
R1 MpKslc4771124;MpKslc4771124;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA1C585E-ABCA-4ACB-A94B-CC7C708204A5}\MpKslc4771124.sys [x]
R1 MpKslc5ca38be;MpKslc5ca38be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKslc5ca38be.sys [x]
R1 MpKsldbdb1bde;MpKsldbdb1bde;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKsldbdb1bde.sys [x]
R1 MpKsldd116bb1;MpKsldd116bb1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93612EDB-B080-4951-96C6-B7756C302D64}\MpKsldd116bb1.sys [x]
R1 MpKslde8079e3;MpKslde8079e3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A0B8F6A-B5C9-46D0-9312-3A3C884AEA2A}\MpKslde8079e3.sys [x]
R1 MpKsle1a2c4fa;MpKsle1a2c4fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98497323-F18C-4231-831C-1493AEB3666A}\MpKsle1a2c4fa.sys [x]
R1 MpKsle548b406;MpKsle548b406;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50F7C5B7-ADBC-4614-9098-88FF02447AE7}\MpKsle548b406.sys [x]
R1 MpKslecb33c4a;MpKslecb33c4a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E7A114F-523C-46E8-9CE8-B8D2E1AE05B5}\MpKslecb33c4a.sys [x]
R2 AMService;AMService;c:\windows\TEMP\xnbcyf\setup.exe run [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9cca6668a0886;Google Update Service (gupdate1c9cca6668a0886);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2004-10-06 283904]
R3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [2004-10-04 43392]
R3 CFcatchme;CFcatchme;c:\users\MATTHE~1.DAV\AppData\Local\Temp\CFcatchme.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2011-05-12 21744]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
S1 MpKsl32762f98;MpKsl32762f98;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{447922CD-1A0A-4B3D-8A04-AD7E15ADF320}\MpKsl32762f98.sys [2011-08-24 28752]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 72832]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ BthServ
WindowsMobile	REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ WcesComm RapiMgr
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ FontCache
HPService	REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 10:52]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 10:52]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1000Core.job
- c:\users\davidp54\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 08:17]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1000UA.job
- c:\users\davidp54\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 08:17]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1003Core.job
- c:\users\Matthew.davidp54-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-20 05:51]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1003UA.job
- c:\users\Matthew.davidp54-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-20 05:51]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1005Core.job
- c:\users\Giovanna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-12 14:17]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2226694355-1947302505-974820688-1005UA.job
- c:\users\Giovanna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-12 14:17]
.
2011-08-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
2011-08-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 10.0.0.2
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
FF - ProfilePath - 
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2226694355-1947302505-974820688-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5548)
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\users\Matthew.davidp54-PC\AppData\Roaming\MTN Online\ouc.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-08-24 12:44:06 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-24 11:44
ComboFix2.txt 2011-08-19 08:31
ComboFix3.txt 2011-08-18 21:55
ComboFix4.txt 2011-08-15 23:35
ComboFix5.txt 2011-08-19 23:01
.
Pre-Run: 64*537*649*152 bytes free
Post-Run: 64*512*962*560 bytes free
.
- - End Of File - - 347439967EE40F4FF8EF6E30E549C384
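Added example, not part of the thread or of ComboFix: a small Python triage helper that parses the CFScript format kevinf80 posted above (a `Name::` header followed by one target per line) and the service/driver and Run-key lines from a ComboFix "Reg Loading Points" section, then flags load points whose image sits in a Temp or user-writable directory or no longer exists on disk (the `[x]` marker in place of a date and size), and checks whether any CFScript target still backs a load point in a later log. The sample CFScript and log excerpt are constructed from the entries visible in this thread; the allow-list of tool artifacts (ComboFix's catchme driver, MSE's MpKsl* drivers) and the directory heuristics are assumptions, and a hit is a prompt for review, not a verdict.

```python
"""Triage helper for ComboFix-style logs and CFScript files (added example, not a ComboFix tool)."""
import re

# Constructed sample CFScript in the format used in the thread: section headers
# ending in '::' (KillAll, Rootkit, File, Folder, Registry), one target per line.
SAMPLE_CFSCRIPT = r"""
KillAll::
Rootkit::
C:\axtcqkod.sys
File::
c:\windows\system32\mswmdma.dll
Folder::
c:\users\davidp54\AppData\Roaming\Isgauhg
C:\Program Files\Application Updater
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lujialo]
"""

# Constructed excerpt in the shape of ComboFix's "Reg Loading Points" section,
# modelled on the pre-run log above: service/driver lines and Run-key values.
SAMPLE_LOG = r"""
R2 AMService;AMService;c:\windows\TEMP\xnbcyf\setup.exe run [x]
R2 gupdate1c9cca6668a0886;Google Update Service (gupdate1c9cca6668a0886);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-04 133104]
R3 CFcatchme;CFcatchme;c:\users\MATTHE~1.DAV\AppData\Local\Temp\CFcatchme.sys [x]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
"googletalk"="c:\users\Matthew.davidp54-PC\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"""

SECTION_RE = re.compile(r"^(\w+)::$")
# "R2 name;description;image [date size]" or "... [x]" when the image is missing
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*?)\s+\[([^\]]*)\]$")
# '"value"="image" [date size]' from the Run keys
RUNKEY_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[([^\]]*)\]$')

# Assumed allow-list of names that legitimately load from Temp/ProgramData:
# ComboFix's own catchme driver and MSE's per-update MpKsl* drivers.
KNOWN_TOOL_ARTIFACTS = ("cfcatchme", "mpksl")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\")


def parse_cfscript(text):
    """Return {section: [targets]} for a CFScript; a header is a line ending in '::'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"target before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def parse_loadpoints(text):
    """Yield (kind, name, image, info) for service/driver lines and Run-key values."""
    for raw in text.splitlines():
        line = raw.strip()
        svc = SERVICE_RE.match(line)
        if svc:
            name, image, info = svc.groups()
            yield "service", name, image, info
            continue
        run = RUNKEY_RE.match(line)
        if run:
            name, image, info = run.groups()
            yield "run", name, image, info


def triage(log_text):
    """Flag load points whose image is in Temp or a user-writable path, or is missing ([x])."""
    findings = []
    for kind, name, image, info in parse_loadpoints(log_text):
        if name.lower().startswith(KNOWN_TOOL_ARTIFACTS):
            continue  # known tool/AV artifact: still worth a glance, but not a finding
        limage = image.lower()
        reasons = []
        if "\\temp\\" in limage:
            reasons.append("image under a Temp directory")
        elif any(d in limage for d in USER_WRITABLE):
            reasons.append("image in a user-writable location")
        if info.strip() == "x":
            reasons.append("image file not found on disk ([x])")
        if reasons:
            findings.append({"kind": kind, "name": name, "image": image, "reasons": reasons})
    return findings


def targets_still_loaded(cfscript, log_text):
    """CFScript Rootkit::/File::/Folder:: targets that still back a load point in a later log."""
    targets = [t for s in ("Rootkit", "File", "Folder") for t in cfscript.get(s, [])]
    images = [image.lower() for _, _, image, _ in parse_loadpoints(log_text)]
    return [t for t in targets if any(img.startswith(t.lower()) for img in images)]


if __name__ == "__main__":
    script = parse_cfscript(SAMPLE_CFSCRIPT)
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['name']}: {f['image']} -> {', '.join(f['reasons'])}")
    print("CFScript targets still loaded:", targets_still_loaded(script, SAMPLE_LOG))
```

Run against the pre-run excerpt it reports `AMService` (Temp path and missing image) and `googletalk` (user-writable path, which a reviewer would then clear as a legitimate Google Talk install), and lists `C:\Program Files\Application Updater` as still loaded; feeding it the post-run log instead is the quick way to confirm the CFScript targets are no longer referenced by any service or Run key.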


----------



## kevinf80 (Mar 21, 2006)

Re-run a quick scan with Microsoft Security Essentials, let me know if it finds anything, also give update on any issues or concerns...

Kevin


----------



## theFAst0ne (Apr 16, 2009)

I did a quick scan with both MSE and Malwarebytes' Anti-Malware. Neither scan found any threats.


----------



## kevinf80 (Mar 21, 2006)

OK, continue as follows :-

*Step 1*

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

- Please follow the prompts to uninstall Combofix.
- You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete or reset the following:

- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The `C:\_OtMoveIt` folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Reset System Restore.

*It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.*

*Step 2*


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click the OTC icon to start the program.
If you are using Vista or Windows 7, please right-click and choose run as administrator
Then click the big button in the OTC window.
You will get a prompt saying "_Beginning Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself. *Any tools/logs remaining on the Desktop can be deleted.*

*Step 3*

1. Click Start, type *programs and features* in the Search box, and then press ENTER.
2. Click to select the product to be uninstalled from the listing of installed products*(ESET Online Scanner)*, and then click Uninstall/Change from the bar that displays the available tasks to remove *ESET*. Only re-boot if prompted

*Step 4*

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

- Save any open work. TFC will close all open application windows.
- Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select Run as Administrator
- If prompted, click "Yes" to reboot.

Save any open work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important *

Keep TFC; it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run*

*Step 5*

You will have several programs installed; these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by *Secunia*, available *Here*. Before clicking the *Start* scan button, please check the box for the option *Enable thorough system inspection*. Just below the "Scan Options:" section, you'll see the status of what's currently processing....

...when the scan completes, the message "Detection completed successfully" will appear in the *Programs/Result* section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

If you update Adobe or Java after running Secunia ensure any old versions are removed...

Let me know if the above steps complete OK, also let me know if you have any remaining issues or concerns...

Kevin


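Step 5 above relies on an online scanner to find outdated programs, and the note after it warns that old Java and Adobe versions must be removed once the new ones are installed. As an added example, not from the thread and not Secunia's own method, the PowerShell below (Windows with PowerShell 2.0 or later assumed) does the same check locally: it reads the installed-program list from the registry Uninstall keys that Programs and Features uses, compares each matching entry with a minimum version, and reports any program that is present more than once. The name patterns and the version floors in `$minimumVersions` are placeholders for illustration, not real advisory values; take real floors from the vendor's current release notes.

```powershell
# Added example (editor's own, not from the thread or from Secunia): list installed
# programs from the registry Uninstall keys, flag versions below a floor, and flag
# programs installed more than once (how an old Java or Adobe version survives an update).
# The floors in $minimumVersions are placeholders, not advisory values.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',   # absent on 32-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'                 # per-user installs
)

# -like patterns and placeholder floors. 'Java* Update *' matches "Java(TM) 6 Update 26"
# or "Java 7 Update 10" but not "Java Auto Updater", which would otherwise count as a duplicate.
$minimumVersions = @{
    'Java* Update *' = '7.0.100'
    'Adobe Reader*'  = '10.1.0'
    'Adobe Flash*'   = '11.0.0'
}

function Get-InstalledSoftware {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name      = $_.DisplayName
                Version   = [string]$_.DisplayVersion
                Publisher = $_.Publisher
            }
        }
}

function ConvertTo-ComparableVersion {
    param([string]$Text)
    # Keep the leading dotted-numeric part ("10.1.3" from "10.1.3 (x86)"). [version] needs
    # at least major.minor, so a bare "6" becomes "6.0". Returns $null when not parseable.
    if ($Text -match '^\s*(\d+(\.\d+){0,3})') {
        $v = $Matches[1]
        if ($v -notmatch '\.') { $v += '.0' }
        try { return [version]$v } catch { return $null }
    }
    return $null
}

function Find-SoftwareIssues {
    param([object[]]$Installed, [hashtable]$Minimums)
    $issues = @()
    foreach ($pattern in $Minimums.Keys) {
        $need = ConvertTo-ComparableVersion $Minimums[$pattern]
        $hits = @($Installed | Where-Object { $_.Name -like $pattern })
        foreach ($app in $hits) {
            $have = ConvertTo-ComparableVersion $app.Version
            if ($null -eq $have) {
                $issues += "CHECK     $($app.Name): version '$($app.Version)' is not comparable"
            } elseif ($have -lt $need) {
                $issues += "OUTDATED  $($app.Name) $have is below the floor $need"
            }
        }
        # Several entries for one pattern usually means old versions were never removed.
        if ($hits.Count -gt 1) {
            $versions = ($hits | ForEach-Object { $_.Version }) -join ', '
            $issues += "DUPLICATE '$pattern' is installed $($hits.Count) times ($versions); remove the old ones"
        }
    }
    return $issues
}

$installed = Get-InstalledSoftware
$installed | Sort-Object Name | Format-Table -AutoSize -Property Name, Version, Publisher
$issues = Find-SoftwareIssues -Installed $installed -Minimums $minimumVersions
if ($issues) { $issues } else { 'No version issues found against the floors above.' }
```

The DUPLICATE line is the one that covers the caveat after Step 5: an updater normally replaces the old version in place, but a fresh install alongside an old one leaves both Uninstall entries, and the old, vulnerable version stays on disk until it is removed from Programs and Features.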
----------



## theFAst0ne (Apr 16, 2009)

Updated and patched all the listed programs. I have had no further issues with the pc and all the original issues I had are gone.


----------



## kevinf80 (Mar 21, 2006)

Your latest logs are clean and you say that your system is running well, it would be an excellent idea to keep it that way. The following advice will go a long way to keeping you secure so that you can enjoy safe and happy surfing.

Here are some tips to reduce the potential for malware infection in the future:

*Make proper use of your antivirus and firewall*

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, *NEVER* turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use *WinPatrol* This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained *Here*

*Use a safer web browser*

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

*Firefox*,

*Opera*, and

*Chrome*.

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial *HERE* which will help you to make IE *MUCH* safer.

These *browser add-ons* will help to make your browser safer:

*Web of Trust* warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

*Green* to go,
*Yellow* for caution, and
*Red* to stop.

Available for *Firefox* and *Internet Explorer*.

*NoScript*, available for *Firefox* only, helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at *THIS* article.

Here are a couple of links by two security experts that will give some excellent tips and advice.

*So how did I get infected in the first place by Tony Klein*

*How to prevent Malware by Miekiemoes*

Finally this link *HERE* will give a comprehensive up to date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

If you are OK to close out hit the "Mark Solved" tab at the top of the thread...

Kevin


----------



## theFAst0ne (Apr 16, 2009)

Thanks very much Kevin
I appreciate it


----------



## kevinf80 (Mar 21, 2006)

You`re very welcome....


----------

