Sirs,
I've been searching for this virus for some time now. The symptoms are scans terminate prematurely or without finding anything. My security gets turned off constantly. I get messages that I don't have permission to access files and there is a group privilege. I don't belong to a group. I'm getting seeded from the internet. I know this because of a Linux Ubuntu log file. Please help. Here are the logs.
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.01.03
Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Harveydf :: HARVEYDF-PC [administrator]
4/1/2012 5:48:14 PM
mbam-log-2012-04-01 (17-48-14).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233353
Time elapsed: 3 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Data: grpconv -o -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\System32\grpconv.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-04-01 15:28:20
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000062 rev.
Running: koda.exe; Driver: C:\Users\Harveydf\AppData\Local\Temp\uxlcykob.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\tdx \Device\Ip pctgntdi.sys
AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
AttachedDevice \Driver\tdx \Device\Udp pctgntdi.sys
AttachedDevice \Driver\tdx \Device\RawIp pctgntdi.sys
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Harveydf at 13:55:55 on 2012-04-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2471 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/?_bc=1
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [AdobeBridge]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ISTray] "c:\program files\pc tools\pc tools security\pctsGui.exe" /hideGUI
uPolicies-explorer: NoInstrumentation = 1
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{193FD7B8-6ED3-43A3-9D42-499D673FB086} : DhcpNameServer = 192.168.1.254
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\harveydf\appdata\roaming\mozilla\firefox\profiles\lppj4d9t.default\
FF - prefs.js: browser.search.selectedEngine - Startpage
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\harveydf\appdata\local\google\google earth\plugin\npgeplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-14 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-14 342168]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-3-14 253352]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-3-14 402336]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-3-14 1117624]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-3-15 54328]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-3-15 574424]
S1 6594252drv;6594252drv;c:\windows\system32\drivers\6594252drv.sys [2011-8-15 489048]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-3-14 185560]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-2-14 163328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-14 21992]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-17 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-3-15 793048]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-2-14 9182208]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-2-14 264704]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-12-5 83472]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-3-14 70536]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2012-3-16 24416]
S3 silabenm;Junsi USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2012-3-11 47176]
S3 silabser;Junsi USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2012-3-11 58496]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-3-15 35264]
S3 ThreatFire;ThreatFire;c:\program files\pc tools\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools\pc tools security\tfengine\TFService.exe service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MJLVASR;MJLVASR;c:\users\harveydf\appdata\local\temp\mjlvasr.exe --> c:\users\harveydf\appdata\local\temp\MJLVASR.exe [?]
S4 NBISZU;NBISZU;c:\users\harveydf\appdata\local\temp\nbiszu.exe --> c:\users\harveydf\appdata\local\temp\NBISZU.exe [?]
S4 OJ;OJ;c:\users\harveydf\appdata\local\temp\oj.exe --> c:\users\harveydf\appdata\local\temp\OJ.exe [?]
.
=============== Created Last 30 ================
.
2012-04-02 01:50:56 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f1a70e0f-d4e1-4e3a-9aed-69f292cecdbd}\mpengine.dll
2012-04-01 20:58:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-26 18:37:30 -------- d-----w- c:\program files\ESET
2012-03-26 11:53:19 -------- d-----w- c:\windows\ERDNT2
2012-03-26 11:52:11 -------- d-----w- c:\program files\ERUNT2
2012-03-24 15:43:42 -------- d-----w- C:\AMD
2012-03-23 17:01:03 -------- d-----w- c:\programdata\Microsoft Symbols for Visual Studio and Process Explorer
2012-03-23 16:58:59 -------- d-----w- c:\users\harveydf\Microsoft Symbols for Visual Studio and Process Explorer
2012-03-23 10:54:56 -------- d-----w- c:\program files\BenchMark Tools
2012-03-23 09:08:30 -------- d-----w- c:\program files\CrystalDiskInfo
2012-03-22 17:55:02 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-03-22 17:52:47 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-03-21 15:32:51 -------- d-----w- c:\users\harveydf\appdata\roaming\GlarySoft
2012-03-21 15:32:50 -------- d-----w- c:\program files\Glary Undelete
2012-03-18 20:39:56 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-03-17 17:42:42 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5f54698d-55cd-4254-9766-493841d8d863}\gapaengine.dll
2012-03-17 17:13:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-17 17:12:50 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-03-17 08:34:47 -------- d-----w- C:\.Trash-0
2012-03-17 00:40:53 -------- d-----w- c:\users\harveydf\appdata\roaming\GetRightToGo
2012-03-17 00:04:50 14664 ----a-w- c:\windows\stinger.sys
2012-03-17 00:04:18 -------- d-----w- c:\program files\stinger
2012-03-16 19:02:00 -------- d-----w- C:\BackSys
2012-03-16 15:22:38 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-03-16 15:11:06 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-03-16 15:11:06 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-03-16 15:10:59 2 --shatr- c:\windows\winstart.bat
2012-03-16 15:10:55 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-03-16 10:26:59 -------- d-----w- c:\users\harveydf\appdata\roaming\VSRevoGroup
2012-03-16 09:06:55 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-16 09:06:55 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-15 13:22:16 -------- d-----w- c:\users\harveydf\appdata\roaming\Registry Mechanic
2012-03-15 12:54:22 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-03-15 12:54:22 512472 ----a-w- c:\windows\system32\msxml.dll
2012-03-15 12:54:22 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-03-15 12:54:22 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-03-15 12:54:22 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-03-15 12:50:58 -------- d-----w- c:\users\harveydf\appdata\roaming\Product_RM
2012-03-15 11:59:07 -------- d-----w- c:\users\harveydf\appdata\roaming\PCTools
2012-03-15 08:38:31 574424 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-03-15 08:38:30 54328 --s-a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-03-15 08:38:30 35264 --s-a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-03-15 01:59:41 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-15 01:59:41 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-03-15 01:59:39 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-03-15 01:59:37 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-15 01:59:32 -------- d-----w- c:\program files\PC Tools
2012-03-15 01:12:24 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-15 01:12:24 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-15 01:12:24 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-15 01:12:24 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-15 01:12:23 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-15 01:12:23 -------- d-----w- c:\program files\common files\PC Tools
2012-03-15 01:07:19 -------- d-----w- c:\users\harveydf\appdata\roaming\TestApp
2012-03-15 01:07:19 -------- d-----w- c:\programdata\PC Tools
2012-03-13 23:40:21 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:40:15 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 23:40:15 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 23:40:15 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 23:40:15 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 23:40:15 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:40:13 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-13 21:39:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 21:39:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-13 20:04:26 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 20:04:26 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-11 23:58:47 -------- d-----w- c:\users\harveydf\appdata\roaming\LogView
2012-03-11 23:28:50 58496 ----a-w- c:\windows\system32\drivers\silabser.sys
2012-03-11 20:32:23 -------- d-----w- c:\users\harveydf\appdata\local\ElevatedDiagnostics
2012-03-11 18:57:10 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-03-11 18:57:10 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-03-11 18:53:26 -------- d-----w- c:\program files\Silabs
2012-03-11 18:49:53 47176 ----a-w- c:\windows\system32\drivers\silabenm.sys
2012-03-11 18:49:53 1461992 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
2012-03-11 12:47:38 -------- d-----w- c:\users\harveydf\appdata\roaming\EurekaLog
2012-03-11 12:47:09 -------- d-----w- c:\program files\LogView V2
2012-03-11 12:26:27 1112288 ----a-w- c:\windows\system32\WdfCoinstaller01007.dll
2012-03-11 12:26:25 -------- d-----w- c:\program files\Junsi
2012-03-11 12:25:50 -------- d-----w- c:\windows\system32\Silabs
.
==================== Find3M ====================
.
2012-03-16 09:14:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-19 08:29:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 03:47:12 9182208 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:18:56 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18:40 791040 ----a-w- c:\windows\system32\aticfx32.dll
2012-02-15 03:13:56 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13:20 405504 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:12:48 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11:34 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-02-15 03:10:58 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10:48 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-02-15 03:07:44 6200320 ----a-w- c:\windows\system32\atidxx32.dll
2012-02-15 02:58:56 19392000 ----a-w- c:\windows\system32\atioglxx.dll
2012-02-15 02:40:54 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2012-02-15 02:34:54 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-02-15 02:34:44 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-02-15 02:34:36 5954048 ----a-w- c:\windows\system32\atiumdag.dll
2012-02-15 02:29:52 5062656 ----a-w- c:\windows\system32\atiumdva.dll
2012-02-15 02:29:50 11561984 ----a-w- c:\windows\system32\aticaldd.dll
2012-02-15 02:16:34 51200 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:13:48 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13:32 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13:20 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-02-15 02:12:48 264704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12:14 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2012-02-15 02:12:00 30208 ----a-w- c:\windows\system32\atiu9pag.dll
2012-02-15 02:11:36 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2012-02-15 02:11:22 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11:10 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-02-15 02:11:10 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:56:44.07 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/23/2007 3:55:52 PM
System Uptime: 4/1/2012 1:07:52 PM (0 hours ago)
.
Motherboard: ECS | | MCP61PM-GM
Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket AM2 | 2210/235mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 324 GiB total, 212.136 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 4.488 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is FIXED (NTFS) - 24 GiB total, 24.324 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
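Added example (not part of the original post and not code from any of the tools whose logs appear above): a small triage script for the DDS "SERVICES / DRIVERS" section. It assumes the line layout visible in the log above (`<R|S><start digit> name;display;path [date size]`, or `path --> resolved path [?]` when DDS shows both), that the digit is the Windows service Start value (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), and that a trailing `[?]` means DDS could not read file details at that path. The sample lines are copied from the log above (two benign entries plus the four `[?]` entries) so the script runs offline. It flags entries whose image lives in a temp directory or that DDS could not stat; it does not decide whether they are malicious.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample input: lines copied from the DDS "SERVICES / DRIVERS" section above.
SAMPLE_DDS_LINES = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-14 331880]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 ThreatFire;ThreatFire;c:\program files\pc tools\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools\pc tools security\tfengine\TFService.exe service [?]
S4 MJLVASR;MJLVASR;c:\users\harveydf\appdata\local\temp\mjlvasr.exe --> c:\users\harveydf\appdata\local\temp\MJLVASR.exe [?]
S4 NBISZU;NBISZU;c:\users\harveydf\appdata\local\temp\nbiszu.exe --> c:\users\harveydf\appdata\local\temp\NBISZU.exe [?]
S4 OJ;OJ;c:\users\harveydf\appdata\local\temp\oj.exe --> c:\users\harveydf\appdata\local\temp\OJ.exe [?]
"""

# Assumed DDS layout: "<R|S><start> <name>;<display>;<path> [date size]" or "... [?]".
_LINE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)$")
# Trailer is either "[yyyy-m-d size]" or "[?]" (assumed: no file details readable).
_TRAILER_RE = re.compile(r"\s*\[(\?|[\d-]+\s+\d+)\]\s*$")
# Assumed: the digit is the registry Start value of the service.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
# Directories a service or driver image has no business living in (lowercase match).
SUSPECT_DIRS = ("\\temp\\", "\\tmp\\")


@dataclass
class Finding:
    name: str
    start: str            # boot / system / auto / manual / disabled
    running: bool
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Tuple[str, str, str, bool, str, bool]]:
    """Split one DDS service/driver line into its fields; None if it is not one."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    missing = False
    t = _TRAILER_RE.search(rest)
    if t:
        missing = t.group(1) == "?"
        rest = rest[: t.start()]
    # When DDS prints "registry path --> resolved path", keep the resolved one.
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    return name, display, START_TYPES[start], state == "R", rest.strip(), missing


def triage(text: str) -> List[Finding]:
    """Return the entries worth a closer look, in log order, with the reason(s)."""
    findings: List[Finding] = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        name, _display, start, running, path, missing = parsed
        reasons = []
        low = path.lower()
        if any(d in low for d in SUSPECT_DIRS):
            reasons.append("image lives in a temp directory")
        if missing:
            reasons.append("DDS could not read the file ([?])")
        if reasons:
            findings.append(Finding(name, start, running, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LINES):
        state = "running" if f.running else "stopped"
        print(f"{f.name:<12} {f.start:<8} {state:<8} {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the log above it reports ThreatFire (file not readable, which may simply be a broken uninstall of a PC Tools component) and the three `S4` services MJLVASR, NBISZU and OJ, each registered to run from `%LOCALAPPDATA%\Temp` with no file readable at that path. Those three are the kind of entry a helper on a malware-removal forum will usually ask about first: a disabled service whose image is already gone tells you something once registered a temp-directory binary as a service, even though it is not currently executing.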
2012-03-22 17:55:02 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-03-22 17:52:47 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-03-21 15:32:51 -------- d-----w- c:\users\harveydf\appdata\roaming\GlarySoft
2012-03-21 15:32:50 -------- d-----w- c:\program files\Glary Undelete
2012-03-18 20:39:56 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-03-17 17:42:42 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5f54698d-55cd-4254-9766-493841d8d863}\gapaengine.dll
2012-03-17 17:13:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-17 17:12:50 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-03-17 08:34:47 -------- d-----w- C:\.Trash-0
2012-03-17 00:40:53 -------- d-----w- c:\users\harveydf\appdata\roaming\GetRightToGo
2012-03-17 00:04:50 14664 ----a-w- c:\windows\stinger.sys
2012-03-17 00:04:18 -------- d-----w- c:\program files\stinger
2012-03-16 19:02:00 -------- d-----w- C:\BackSys
2012-03-16 15:22:38 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2012-03-16 15:11:06 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-03-16 15:11:06 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2012-03-16 15:10:59 2 --shatr- c:\windows\winstart.bat
2012-03-16 15:10:55 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2012-03-16 10:26:59 -------- d-----w- c:\users\harveydf\appdata\roaming\VSRevoGroup
2012-03-16 09:06:55 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-16 09:06:55 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-15 13:22:16 -------- d-----w- c:\users\harveydf\appdata\roaming\Registry Mechanic
2012-03-15 12:54:22 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2012-03-15 12:54:22 512472 ----a-w- c:\windows\system32\msxml.dll
2012-03-15 12:54:22 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2012-03-15 12:54:22 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2012-03-15 12:54:22 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2012-03-15 12:50:58 -------- d-----w- c:\users\harveydf\appdata\roaming\Product_RM
2012-03-15 11:59:07 -------- d-----w- c:\users\harveydf\appdata\roaming\PCTools
2012-03-15 08:38:31 574424 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys
2012-03-15 08:38:30 54328 --s-a-w- c:\windows\system32\drivers\TfFsMon.sys
2012-03-15 08:38:30 35264 --s-a-w- c:\windows\system32\drivers\TfNetMon.sys
2012-03-15 01:59:41 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-15 01:59:41 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-03-15 01:59:39 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-03-15 01:59:37 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-15 01:59:32 -------- d-----w- c:\program files\PC Tools
2012-03-15 01:12:24 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-15 01:12:24 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-15 01:12:24 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-15 01:12:24 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-15 01:12:23 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-15 01:12:23 -------- d-----w- c:\program files\common files\PC Tools
2012-03-15 01:07:19 -------- d-----w- c:\users\harveydf\appdata\roaming\TestApp
2012-03-15 01:07:19 -------- d-----w- c:\programdata\PC Tools
2012-03-13 23:40:21 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:40:15 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 23:40:15 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 23:40:15 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 23:40:15 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 23:40:15 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:40:13 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-13 21:39:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 21:39:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-13 20:04:26 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 20:04:26 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-11 23:58:47 -------- d-----w- c:\users\harveydf\appdata\roaming\LogView
2012-03-11 23:28:50 58496 ----a-w- c:\windows\system32\drivers\silabser.sys
2012-03-11 20:32:23 -------- d-----w- c:\users\harveydf\appdata\local\ElevatedDiagnostics
2012-03-11 18:57:10 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-03-11 18:57:10 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-03-11 18:53:26 -------- d-----w- c:\program files\Silabs
2012-03-11 18:49:53 47176 ----a-w- c:\windows\system32\drivers\silabenm.sys
2012-03-11 18:49:53 1461992 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
2012-03-11 12:47:38 -------- d-----w- c:\users\harveydf\appdata\roaming\EurekaLog
2012-03-11 12:47:09 -------- d-----w- c:\program files\LogView V2
2012-03-11 12:26:27 1112288 ----a-w- c:\windows\system32\WdfCoinstaller01007.dll
2012-03-11 12:26:25 -------- d-----w- c:\program files\Junsi
2012-03-11 12:25:50 -------- d-----w- c:\windows\system32\Silabs
.
==================== Find3M ====================
.
2012-03-16 09:14:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-19 08:29:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 03:47:12 9182208 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:18:56 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18:40 791040 ----a-w- c:\windows\system32\aticfx32.dll
2012-02-15 03:13:56 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13:20 405504 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:12:48 163328 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11:34 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-02-15 03:10:58 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10:48 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-02-15 03:07:44 6200320 ----a-w- c:\windows\system32\atidxx32.dll
2012-02-15 02:58:56 19392000 ----a-w- c:\windows\system32\atioglxx.dll
2012-02-15 02:40:54 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2012-02-15 02:34:54 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-02-15 02:34:44 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-02-15 02:34:36 5954048 ----a-w- c:\windows\system32\atiumdag.dll
2012-02-15 02:29:52 5062656 ----a-w- c:\windows\system32\atiumdva.dll
2012-02-15 02:29:50 11561984 ----a-w- c:\windows\system32\aticaldd.dll
2012-02-15 02:16:34 51200 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:13:48 356352 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13:32 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13:20 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-02-15 02:12:48 264704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12:14 33280 ----a-w- c:\windows\system32\atiuxpag.dll
2012-02-15 02:12:00 30208 ----a-w- c:\windows\system32\atiu9pag.dll
2012-02-15 02:11:36 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2012-02-15 02:11:22 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11:10 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-02-15 02:11:10 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 13:56:44.07 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/23/2007 3:55:52 PM
System Uptime: 4/1/2012 1:07:52 PM (0 hours ago)
.
Motherboard: ECS | | MCP61PM-GM
Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket AM2 | 2210/235mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 324 GiB total, 212.136 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 4.488 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is FIXED (NTFS) - 24 GiB total, 24.324 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================