Clicked a link in Facebook chat that directed to a site that looked like YouTube. Could not play the video; was instructed to download an Adobe Flash update. Both sites appeared genuine at first glance. The YouTube page had comments from FB friends using FB profile pics.
The update file was unable to open once downloaded. It caused the computer to shut down. It now always opens in safe mode; able to open with networking for net access. Two friends were also fooled into doing this on their computers. Ran Malwarebytes, HitmanPro and Spybot Search & Destroy. Malware was found on all computers; on one, removal appears to be successful and it is running normally. The other two still repeatedly start in safe mode; on one computer Malwarebytes seemed to be removed without user action. All virus signature databases appear to be up to date.
Files C:\windows\ufa\ufa.exe and CoinMine may be involved.
Ran ComboFix and DDS and attach the files below.
Any help greatly received.
.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by USER at 19:47:00 on 2011-08-24
Microsoft Windows 7 Starter 6.1.7600.0.1252.60.1033.18.1014.509 [GMT 8:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www1.ap.dell.com/content/default ... l=en&s=gen
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GR469A~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [UIExec] "c:\program files\celcom broadband\UIExec.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6302ED27-4FAB-4BE3-8D74-4EA4ED78F58B} : NameServer = 192.168.1.254
TCP: Interfaces\{97A450A1-ADB3-4CA9-A4F2-7CC51089FF2C} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{97A450A1-ADB3-4CA9-A4F2-7CC51089FF2C}\255736B6371636B696E6E6 : DhcpNameServer = 165.21.100.88 165.21.83.88
TCP: Interfaces\{97A450A1-ADB3-4CA9-A4F2-7CC51089FF2C}\26A6162636 : DhcpNameServer = 192.168.123.254 0.0.0.0
TCP: Interfaces\{97A450A1-ADB3-4CA9-A4F2-7CC51089FF2C}\458656022416C636F6E697 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{97A450A1-ADB3-4CA9-A4F2-7CC51089FF2C}\75962756C6563737B4C4 : DhcpNameServer = 10.0.2.1
TCP: Interfaces\{97A450A1-ADB3-4CA9-A4F2-7CC51089FF2C}\8496070796564456241627 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{97A450A1-ADB3-4CA9-A4F2-7CC51089FF2C}\D457C64796D6564696160237F6C6574796F6E6 : DhcpNameServer = 192.168.2.1 203.142.82.222 202.169.33.222 203.142.84.222
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\xnuqimeg.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-6-27 13680]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-18 167936]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-11-18 81920]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-5 135664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-8-24 1153368]
S2 UI Assistant Service;UI Assistant Service;c:\program files\celcom broadband\AssistantServices.exe [2011-6-5 255800]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-11-18 143840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-5 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-6-5 9216]
S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2010-8-15 103552]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-18 167424]
.
=============== Created Last 30 ================
.
2011-08-24 11:22:14 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-24 11:22:08 -------- d-----w- c:\users\user\appdata\local\temp
2011-08-24 11:06:59 98816 ----a-w- c:\windows\sed.exe
2011-08-24 11:06:59 518144 ----a-w- c:\windows\SWREG.exe
2011-08-24 11:06:59 256000 ----a-w- c:\windows\PEV.exe
2011-08-24 11:06:59 208896 ----a-w- c:\windows\MBR.exe
2011-08-24 10:15:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 10:15:19 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 09:06:30 -------- d-----w- c:\programdata\Hitman Pro
2011-08-24 07:14:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-24 07:14:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-23 14:37:48 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2011-08-23 14:37:41 -------- d-----w- c:\programdata\Malwarebytes
2011-08-23 14:37:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-23 13:53:31 -------- d-----w- c:\windows\ufa
2011-08-19 07:37:33 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c65742de-3bb6-4f17-98df-86f31c451e04}\mpengine.dll
2011-08-11 01:32:57 -------- d-----w- c:\users\user\appdata\roaming\opencpn
2011-08-11 01:32:09 -------- d-----w- c:\program files\OpenCPN
2011-08-11 01:19:02 860672 ----a-w- c:\program files\internet explorer\iedvtool.dll
2011-08-11 01:19:01 981504 ----a-w- c:\windows\system32\wininet.dll
2011-08-11 01:19:00 673040 ----a-w- c:\program files\internet explorer\iexplore.exe
2011-08-11 01:18:58 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-11 01:18:57 386048 ----a-w- c:\windows\system32\html.iec
2011-08-11 01:18:57 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-08-11 01:18:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-11 01:18:08 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 01:18:06 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 01:16:47 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 01:15:47 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-11 01:06:20 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2011-08-11 01:06:20 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-11 01:06:20 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-11 01:06:20 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-11 01:06:20 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-08-11 01:06:20 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-07 11:31:34 -------- d-----w- c:\program files\Totaltide
2011-08-07 11:31:33 -------- d-----w- c:\program files\common files\Chersoft
.
==================== Find3M ====================
.
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:48:14.58 ===============