part 1
Avira was run, and removed 2 threats.
-------------------------------------
The option to rescan wasn't available for the first file, but it was for the second two. So the second two were rescanned.
VirSCAN.org Scanned Report :
Scanned time : 2008/11/22 15:14:37 (CST)
Scanner results: Scanners did not find malware!
File Name : userinit.exe
File Size : 25088 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 0e135526e9785d085bcd9aede6fbcbf9
SHA1 : d15244d41efddbab08d53fe032aedff39091d3af
Online report :
http://r.virscan.org/ffba0ea65ad66c031826c60a3d422b2d
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.26 20081122063100 2008-11-22 4.20 -
AhnLab V3 2008.11.22.00 2008.11.22 2008-11-22 1.04 -
AntiVir 7.9.0.35 7.1.0.122 2008-11-21 1.55 -
Antiy 2.0.18 20081122.1722967 2008-11-22 0.12 -
Arcavir 1.0.5 200811211356 2008-11-21 1.22 -
Authentium 5.1.1 200811212255 2008-11-21 1.09 -
AVAST! 3.0.1 081121-0 2008-11-21 0.01 -
AVG 7.5.52.442 270.9.9/1804 2008-11-21 1.73 -
BitDefender 7.81008.2247023 7.22006 2008-11-22 2.06 -
CA (VET) 9.0.0.143 31.6.6222 2008-11-22 5.37 -
ClamAV 0.94.1 8661 2008-11-21 0.01 -
Comodo 2.11 2.0.0.712 2008-11-20 0.39 -
CP Secure 1.1.0.715 2008.11.22 2008-11-22 6.42 -
Dr.Web 4.44.0.9170 2008.11.22 2008-11-22 3.56 -
ewido 4.0.0.2 2008.11.21 2008-11-21 6.75 -
F-Prot 4.4.4.56 20081121 2008-11-21 1.08 -
F-Secure 5.51.6100 2008.11.22.02 2008-11-22 0.04 -
Fortinet 2.81-3.117 9.731 2008-11-21 0.34 -
GData 19.1621/19.116 20081122 2008-11-22 3.48 -
ViRobot 20081121 2008.11.21 2008-11-21 0.41 -
Ikarus T3.1.01.45 2008.11.22.71896 2008-11-22 3.94 -
JiangMin 11.0.706 2008.11.22 2008-11-22 1.39 -
Kaspersky 5.5.10 2008.11.22 2008-11-22 0.04 -
KingSoft 2008.9.8.18 2008.11.22.15 2008-11-22 0.79 -
McAfee 5.3.00 5441 2008-11-21 2.53 -
Microsoft 1.4104 2008.11.21 2008-11-21 5.77 -
mks_vir 2.01 2008.11.17 2008-11-17 2.69 -
Norman 5.93.01 5.93.00 2008-11-21 5.71 -
Panda 9.05.01 2008.11.21 2008-11-21 2.96 -
Trend Micro 8.700-1004 5.670.01 2008-11-21 0.03 -
Quick Heal 10.00 2008.11.21 2008-11-21 0.85 -
Rising 20.0 21.04.50.00 2008-11-22 0.78 -
Sophos 2.80.0 4.35 2008-11-22 2.03 -
Sunbelt 4474 4474 2008-11-04 0.50 -
Symantec 1.3.0.24 20081121.003 2008-11-21 2.02 -
nProtect 2008-11-21.03 2625860 2008-11-21 3.10 -
The Hacker 6.3.1.1 v00159 2008-11-19 0.45 -
VBA32 3.12.8.9 20081121.1440 2008-11-21 1.45 -
VirusBuster 4.5.11.10 10.94.1/715510 2008-11-21 0.93 -
-----------------------------
VirSCAN.org Scanned Report :
Scanned time : 2011/08/14 03:01:34 (CST)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 2926592 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : d07d4c3038f3578ffce1c0237f2a1253
SHA1 : 4b3bd605b63749ff255e048ca6f27aff95aec24a
Online report :
http://r.virscan.org/44f45cc1ce2d5deca4c891d776784e6e
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.3 20110812180754 2011-08-12 0.36 -
AhnLab V3 2011.08.14.00 2011.08.14 2011-08-14 1.96 -
AntiVir 8.2.6.30 7.11.13.37 2011-08-12 0.30 -
Antiy 2.0.18 20110804.11725727 2011-08-04 0.02 -
Arcavir 2011 201107140423 2011-07-14 0.06 -
Authentium 5.1.1 201108130656 2011-08-13 1.54 -
AVAST! 4.7.4 110813-0 2011-08-13 0.14 -
AVG 8.5.850 271.1.1/3831 2011-08-13 0.25 -
BitDefender 7.90123.8924128 7.38594 2011-08-14 4.32 -
ClamAV 0.97.1 13434 2011-08-13 0.36 -
Comodo 5.1 9732 2011-08-13 1.85 -
CP Secure 1.3.0.5 2011.08.13 2011-08-13 0.47 -
Dr.Web 5.0.2.3300 2011.07.23 2011-07-23 13.19 -
F-Prot 4.6.2.117 20110813 2011-08-13 0.78 -
F-Secure 7.02.73807 2011.08.12.14 2011-08-12 0.25 -
Fortinet 4.2.257 13.539 2011-08-13 0.51 -
GData 22.1614 20110814 2011-08-14 0.11 -
ViRobot 20110813 2011.08.13 2011-08-13 0.37 -
Ikarus T3.1.32.20.0 2011.08.13.79075 2011-08-13 4.96 -
JiangMin 13.0.900 2011.08.13 2011-08-13 1.81 -
Kaspersky 5.5.10 2011.08.13 2011-08-13 0.12 -
KingSoft 2009.2.5.15 2011.8.13.12 2011-08-13 0.86 -
McAfee 5400.1158 6437 2011-08-13 9.44 -
Microsoft 1.7104 2011.08.13 2011-08-13 3.78 -
NOD32 3.0.21 6363 2011-08-09 0.22 -
Norman 6.07.10 6.07.00 2011-08-13 12.02 -
Panda 9.05.01 2011.08.12 2011-08-12 4.88 -
Trend Micro 9.200-1012 8.352.04 2011-08-13 0.04 -
Quick Heal 11.00 2011.08.13 2011-08-13 1.94 -
Rising 20.0 23.70.04.03 2011-08-12 2.56 -
Sophos 3.22.0 4.68 2011-08-13 3.73 -
Sunbelt 3.9.2497.2 10150 2011-08-12 0.74 -
Symantec 1.3.0.24 20110812.004 2011-08-12 0.19 -
nProtect 20110803.04 12178473 2011-08-03 1.15 -
The Hacker 6.7.0.1 v00276 2011-08-12 0.51 -
VBA32 3.12.16.4 20110813.0829 2011-08-13 3.97 -
VirusBuster 5.3.0.4 14.0.167.0/5859475 2011-08-13 0.00 -
-------------------------
VirSCAN.org Scanned Report :
Scanned time : 2011/08/14 03:06:16 (CST)
Scanner results: Scanners did not find malware!
File Name : svchost.exe
File Size : 21504 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 3794b461c45882e06856f282eef025af
SHA1 : bf15549a7ec01ac505ccac036aba5b9bae688135
Online report :
http://r.virscan.org/694c8d9f534f89ba5fd0a851bb42ee63
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.3 20110812180754 2011-08-12 0.33 -
AhnLab V3 2011.08.14.00 2011.08.14 2011-08-14 1.73 -
AntiVir 8.2.6.30 7.11.13.37 2011-08-12 0.56 -
Antiy 2.0.18 20110804.11725727 2011-08-04 0.02 -
Arcavir 2011 201107140423 2011-07-14 0.03 -
Authentium 5.1.1 201108130656 2011-08-13 2.29 -
AVAST! 4.7.4 110813-0 2011-08-13 0.01 -
AVG 8.5.850 271.1.1/3831 2011-08-13 0.93 -
BitDefender 7.90123.8924128 7.38594 2011-08-14 4.86 -
ClamAV 0.97.1 13434 2011-08-13 0.01 -
Comodo 5.1 9732 2011-08-13 1.77 -
CP Secure 1.3.0.5 2011.08.13 2011-08-13 0.04 -
Dr.Web 5.0.2.3300 2011.07.23 2011-07-23 13.30 -
F-Prot 4.6.2.117 20110813 2011-08-13 0.80 -
F-Secure 7.02.73807 2011.08.12.14 2011-08-12 0.19 -
Fortinet 4.2.257 13.539 2011-08-13 0.20 -
GData 22.1614 20110814 2011-08-14 0.11 -
ViRobot 20110813 2011.08.13 2011-08-13 0.37 -
Ikarus T3.1.32.20.0 2011.08.13.79075 2011-08-13 5.04 -
JiangMin 13.0.900 2011.08.13 2011-08-13 1.53 -
Kaspersky 5.5.10 2011.08.13 2011-08-13 0.11 -
KingSoft 2009.2.5.15 2011.8.13.12 2011-08-13 0.82 -
McAfee 5400.1158 6437 2011-08-13 10.04 -
Microsoft 1.7104 2011.08.13 2011-08-13 4.39 -
NOD32 3.0.21 6363 2011-08-09 0.01 -
Norman 6.07.10 6.07.00 2011-08-13 14.02 -
Panda 9.05.01 2011.08.12 2011-08-12 4.58 -
Trend Micro 9.200-1012 8.352.04 2011-08-13 0.04 -
Quick Heal 11.00 2011.08.13 2011-08-13 1.34 -
Rising 20.0 23.70.04.03 2011-08-12 2.22 -
Sophos 3.22.0 4.68 2011-08-13 3.89 -
Sunbelt 3.9.2497.2 10150 2011-08-12 0.80 -
Symantec 1.3.0.24 20110812.004 2011-08-12 0.08 -
nProtect 20110803.04 12178473 2011-08-03 1.16 -
The Hacker 6.7.0.1 v00276 2011-08-12 0.47 -
VBA32 3.12.16.4 20110813.0829 2011-08-13 4.29 -
VirusBuster 5.3.0.4 14.0.167.0/5859475 2011-08-13 0.00 -
----------------------
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7465
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
8/14/2011 12:52:06 PM
mbam-log-2011-08-14 (12-52-06).txt
Scan type: Quick scan
Objects scanned: 188691
Time elapsed: 22 minute(s), 56 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
c:\Windows\system\svchost.exe (Backdoor.Bot) -> 4812 -> Failed to unload process.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
-----------------------------
GMER 1.0.15.15641 -
http://www.gmer.net
Rootkit quick scan 2011-08-14 13:03:34
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0
Running: og89d5k6.exe; Driver: C:\Users\Nick\AppData\Local\Temp\pwldqpow.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
-------------------------------
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Nick at 13:07:06 on 2011-08-14
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.783 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k termfsc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system\svchost.exe -k NetworkService
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://google.com/
uSearch Bar =
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [conhost] c:\users\nick\appdata\roaming\microsoft\conhost.exe
uRun: [Google Update] "c:\users\nick\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Skytel] Skytel.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MRT] "c:\windows\system32\MRT.exe" /R
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [1653478294] c:\windows\system32\config\systemprofile\appdata\local\yje.exe
mExplorerRun: [Cvke] rundll32
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8759A705-0244-4C76-8348-39B7AE2DC4DC} : DhcpNameServer = 192.168.0.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: mujiano - c:\windows\system32\config\systemprofile\appdata\local\mujiano.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nick\appdata\roaming\mozilla\firefox\profiles\6633dest.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|google.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56343
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\nick\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Ad blocker: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} - %profile%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-17 64288]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-12-23 20384]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-8-13 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-8-13 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-13 66616]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-8 366640]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-7-20 88176]
R2 TermServices;Remote Desktop Services;c:\windows\system32\svchost.exe -k termfsc [2008-1-20 21504]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-8 22712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-7 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 2151640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-7 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe --> c:\program files\jumpstart\jswpsapi.exe [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-8 41272]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-14 16:58:50 7680 ----a-w- c:\windows\system\svchost.exe
2011-08-13 20:38:19 -------- d-----w- c:\users\nick\appdata\roaming\Avira
2011-08-13 20:23:35 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-13 20:23:32 -------- d-----w- c:\programdata\Avira
2011-08-13 20:23:32 -------- d-----w- c:\program files\Avira
2011-08-13 01:23:30 -------- d-----w- C:\HijackThis
2011-08-10 01:51:07 -------- d-----w- C:\Hostsxpert
2011-08-10 01:37:07 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 01:37:05 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 01:36:49 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-10 01:35:31 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 01:35:31 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 01:34:53 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 15:13:52 218624 ----a-w- c:\windows\system32\terdsw32.dll
2011-08-09 03:10:00 -------- d-----w- c:\users\nick\appdata\roaming\Malwarebytes
2011-08-09 03:09:56 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-09 03:09:55 -------- d-----w- c:\programdata\Malwarebytes
2011-08-09 03:09:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-09 03:09:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-06 00:05:59 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{716400d7-366a-4fb4-8f93-8c2adec73639}\mpengine.dll
2011-07-20 20:08:47 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll
2011-07-20 20:08:45 -------- d-----w- c:\users\nick\appdata\roaming\Catalina Marketing Corp
2011-07-20 20:08:42 489672 ----a-w- c:\users\nick\appdata\roaming\microsoft\windows\start menu\programs\catalina marketing corp\UninstallCouponActivator.exe
2011-07-19 18:36:00 -------- d-----w- c:\programdata\HP Photo Creations
2011-07-19 18:36:00 -------- d-----w- c:\program files\HP Photo Creations
2011-07-19 18:35:45 -------- d-----w- c:\program files\Coupons
2011-07-19 18:34:43 -------- d-----w- c:\users\nick\appdata\roaming\HpUpdate
2011-07-19 18:30:58 -------- d-----w- c:\program files\HP
2011-07-19 18:30:19 -------- d-----w- c:\users\nick\appdata\local\HP
.
==================== Find3M ====================
.
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-30 07:32:27 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-22 00:07:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 02:34:50 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:09:07.36 ===============
---------------------------