Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirects to other pages when I click on a link


  • Please log in to reply
27 replies to this topic

#1 TinaMW

TinaMW

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 29 January 2012 - 03:00 AM

Hello,

Anytime I search for anything in Google or Mozilla I get redirected to other pages when I click on links displayed in google. Usually it sends me to another search engine but sometimes it goes to a random site. I usually see a redirect as the second entry. so hitting the back key just takes you back to the redirected page.

Can you help me?

BC AdBot (Login to Remove)

 


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:04 PM

Posted 29 January 2012 - 05:14 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed and you will be advised when I respond to your topic by email.

After 5 days if your topic is not replied I we assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========


Please take note:

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps I have recommended please try one more time and if unsuccessful alert us of such and I will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic an do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


I also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 TinaMW

TinaMW
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 30 January 2012 - 10:06 PM

Hi,

I hope I got everything you need. Please let me know if you need more info. And, thank you so much for your help!

Tina







.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tina at 20:20:38 on 2012-01-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3949.2527 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Upromise\dca-ua.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Swag_Bucks\Swag_BucksToolbarHelper1.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
mURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111228174856.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Upromise\dca-bho.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [4ECYTQ9SIC] C:\Users\Tina\AppData\Local\Temp\Lqd.exe
uRun: [Facebook Update] "C:\Users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: $talisma_url$
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254 192.168.0.1
TCP: Interfaces\{53DD130F-C088-40E9-A1DD-729C120B54C3} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A2B7FCF5-5B1C-42E0-AC31-5645A8E00968} : DhcpNameServer = 192.168.1.254 192.168.0.1
TCP: Interfaces\{A2B7FCF5-5B1C-42E0-AC31-5645A8E00968}\05572707C6564596765627 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A2B7FCF5-5B1C-42E0-AC31-5645A8E00968}\34963736F64343233383 : DhcpNameServer = 192.168.1.254 192.168.0.1
TCP: Interfaces\{A2B7FCF5-5B1C-42E0-AC31-5645A8E00968}\4596E616 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A2B7FCF5-5B1C-42E0-AC31-5645A8E00968}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
BHO-X64: Coupons.com - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111228174856.dll
BHO-X64: scriptproxy - No File
BHO-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
BHO-X64: Swag Bucks - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Upromise\dca-bho.dll
BHO-X64: DCA - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
BHO-X64: ToolHelper - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: att.net Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCoup.dll
TB-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Tina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Tina\AppData\Local\Roblox\Versions\version-7b3d65c79aa445d1\NPRobloxProxy.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 CLDTVHNService;CLDTVHNService;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-9-17 75048]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-23 249936]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-7-26 517632]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-23 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-23 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-23 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-6-20 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-6-20 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-6-20 161168]
R2 ntk_dtv;ntk_dtv;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-9-17 82416]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-1-16 2314240]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 JME;JMicron Ethernet Adapter NDIS6 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-11 136176]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-11 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-01-26 04:11:09 -------- d-----w- C:\Program Files\iTunes
2012-01-26 04:11:09 -------- d-----w- C:\Program Files\iPod
2012-01-26 04:11:09 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-18 01:47:12 -------- d-----w- C:\Program Files (x86)\MyWebSearch
2012-01-10 22:33:00 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-10 22:33:00 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-10 22:32:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-10 22:32:59 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-10 22:32:57 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-10 22:32:57 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-10 22:32:55 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-10 22:32:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-03 16:22:01 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 16:22:01 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-01-29 14:23:36 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-12-11 15:33:29 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2009-04-08 18:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 20:21:01.10 ===============

Attached Files

  • Attached File  ark.txt   605bytes   1 downloads


#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:04 PM

Posted 30 January 2012 - 10:27 PM

Hi Tina,

Please download Listparts64


  • Run the tool
  • Click Scan
  • Post the log (Result.txt) it makes.

==========

Next:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

==========

Then:

Download TDSSKiller.zip

  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


==========

Lastly:

Please download ComboFix:

Link

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Right click it and run as admin & follow the prompts.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 TinaMW

TinaMW
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 31 January 2012 - 10:53 PM

OK, here you go... again, please let me know if I missed anything and thank you so much for you help!

Tina







ListParts by Farbar
Ran by Tina on 31-01-2012 at 19:50:12
Windows 7 (X64)
Running From: C:\Users\Tina\Downloads
************************************************************

========================= Memory info ======================

Percentage of memory in use: 38%
Total physical RAM: 3948.54 MB
Available physical RAM: 2418.78 MB
Total Pagefile: 7895.28 MB
Available Pagefile: 5293.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:26.1 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (DATA) (Fixed) (Total:208.92 GB) (Free:208.88 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1024 KB
Partition 2 Primary 74 GB 14 GB
Partition 0 Extended 208 GB 89 GB
Partition 3 Logical 208 GB 89 GB

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 74 GB Healthy System (partition with boot components)

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 208 GB Healthy



****** End Of Log ******




aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-31 19:52:59
-----------------------------
19:52:59.110 OS Version: Windows x64 6.1.7601 Service Pack 1
19:52:59.110 Number of processors: 4 586 0x2502
19:52:59.110 ComputerName: TINA-PC UserName: Tina
19:52:59.630 Initialize success
19:54:55.732 AVAST engine defs: 12013100
19:55:04.192 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:55:04.192 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
19:55:04.212 Disk 0 MBR read successfully
19:55:04.212 Disk 0 MBR scan
19:55:04.222 Disk 0 Windows VISTA default MBR code
19:55:04.232 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 14997 MB offset 2048
19:55:04.252 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 30716280
19:55:04.262 Disk 0 Partition - 00 0F Extended LBA 213935 MB offset 186996600
19:55:04.282 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 213935 MB offset 186996663
19:55:04.282 Service scanning
19:55:06.232 Modules scanning
19:55:06.232 Disk 0 trace - called modules:
19:55:06.272 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
19:55:06.603 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cc0060]
19:55:06.603 3 CLASSPNP.SYS[fffff88001bb743f] -> nt!IofCallDriver -> [0xfffffa80049febe0]
19:55:06.603 5 ACPI.sys[fffff88000f957a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a01050]
19:55:07.633 AVAST engine scan C:\Windows
19:55:10.663 AVAST engine scan C:\Windows\system32
19:59:19.765 AVAST engine scan C:\Windows\system32\drivers
19:59:33.362 AVAST engine scan C:\Users\Tina
20:16:27.823 AVAST engine scan C:\ProgramData
20:25:16.094 Disk 0 MBR has been saved successfully to "C:\Users\Tina\Desktop\MBR.dat"
20:25:16.128 The log file has been saved successfully to "C:\Users\Tina\Desktop\aswMBR.txt"







20:35:37.0517 6648 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
20:35:39.0540 6648 ============================================================
20:35:39.0540 6648 Current date / time: 2012/01/31 20:35:39.0540
20:35:39.0540 6648 SystemInfo:
20:35:39.0540 6648
20:35:39.0540 6648 OS Version: 6.1.7601 ServicePack: 1.0
20:35:39.0540 6648 Product type: Workstation
20:35:39.0540 6648 ComputerName: TINA-PC
20:35:39.0540 6648 UserName: Tina
20:35:39.0540 6648 Windows directory: C:\Windows
20:35:39.0540 6648 System windows directory: C:\Windows
20:35:39.0540 6648 Running under WOW64
20:35:39.0540 6648 Processor architecture: Intel x64
20:35:39.0540 6648 Number of processors: 4
20:35:39.0540 6648 Page size: 0x1000
20:35:39.0540 6648 Boot type: Normal boot
20:35:39.0540 6648 ============================================================
20:35:40.0242 6648 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:35:40.0257 6648 \Device\Harddisk0\DR0:
20:35:40.0273 6648 MBR used
20:35:40.0273 6648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0x950A600
20:35:40.0304 6648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xB2557B7, BlocksNum 0x1A1D7F0A
20:35:40.0397 6648 Initialize success
20:35:40.0397 6648 ============================================================
20:35:43.0832 6428 ============================================================
20:35:43.0832 6428 Scan started
20:35:43.0832 6428 Mode: Manual;
20:35:43.0832 6428 ============================================================
20:35:44.0268 6428 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:35:44.0268 6428 1394ohci - ok
20:35:44.0346 6428 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:35:44.0346 6428 ACPI - ok
20:35:44.0440 6428 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:35:44.0440 6428 AcpiPmi - ok
20:35:44.0518 6428 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:35:44.0518 6428 adp94xx - ok
20:35:44.0636 6428 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:35:44.0636 6428 adpahci - ok
20:35:44.0676 6428 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:35:44.0676 6428 adpu320 - ok
20:35:44.0836 6428 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:35:44.0846 6428 AFD - ok
20:35:44.0926 6428 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:35:44.0926 6428 agp440 - ok
20:35:44.0996 6428 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:35:45.0006 6428 aliide - ok
20:35:45.0086 6428 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:35:45.0096 6428 amdide - ok
20:35:45.0156 6428 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:35:45.0156 6428 AmdK8 - ok
20:35:45.0196 6428 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:35:45.0196 6428 AmdPPM - ok
20:35:45.0286 6428 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:35:45.0286 6428 amdsata - ok
20:35:45.0336 6428 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:35:45.0336 6428 amdsbs - ok
20:35:45.0366 6428 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:35:45.0366 6428 amdxata - ok
20:35:45.0456 6428 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:35:45.0456 6428 AppID - ok
20:35:45.0546 6428 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:35:45.0546 6428 arc - ok
20:35:45.0617 6428 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:35:45.0617 6428 arcsas - ok
20:35:45.0647 6428 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
20:35:45.0647 6428 AsDsm - ok
20:35:45.0737 6428 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
20:35:45.0737 6428 ASMMAP64 - ok
20:35:45.0827 6428 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:35:45.0837 6428 AsyncMac - ok
20:35:45.0887 6428 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:35:45.0887 6428 atapi - ok
20:35:45.0977 6428 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
20:35:45.0997 6428 athr - ok
20:35:46.0117 6428 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
20:35:46.0117 6428 AtiHdmiService - ok
20:35:46.0287 6428 atikmdag (b5fb227a09a9ec28163fa4b45487c3c7) C:\Windows\system32\DRIVERS\atikmdag.sys
20:35:46.0487 6428 atikmdag - ok
20:35:46.0597 6428 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:35:46.0607 6428 b06bdrv - ok
20:35:46.0707 6428 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:35:46.0717 6428 b57nd60a - ok
20:35:46.0857 6428 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:35:46.0857 6428 Beep - ok
20:35:46.0917 6428 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:35:46.0917 6428 blbdrive - ok
20:35:47.0057 6428 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:35:47.0057 6428 bowser - ok
20:35:47.0107 6428 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:35:47.0107 6428 BrFiltLo - ok
20:35:47.0177 6428 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:35:47.0187 6428 BrFiltUp - ok
20:35:47.0237 6428 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:35:47.0237 6428 Brserid - ok
20:35:47.0317 6428 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:35:47.0317 6428 BrSerWdm - ok
20:35:47.0357 6428 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:35:47.0357 6428 BrUsbMdm - ok
20:35:47.0407 6428 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:35:47.0407 6428 BrUsbSer - ok
20:35:47.0477 6428 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:35:47.0477 6428 BTHMODEM - ok
20:35:47.0537 6428 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:35:47.0547 6428 cdfs - ok
20:35:47.0627 6428 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:35:47.0627 6428 cdrom - ok
20:35:47.0747 6428 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
20:35:47.0757 6428 cfwids - ok
20:35:47.0787 6428 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:35:47.0787 6428 circlass - ok
20:35:47.0907 6428 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:35:47.0907 6428 CLFS - ok
20:35:47.0987 6428 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:35:47.0987 6428 CmBatt - ok
20:35:48.0047 6428 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:35:48.0047 6428 cmdide - ok
20:35:48.0087 6428 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:35:48.0087 6428 CNG - ok
20:35:48.0187 6428 CnxtHdAudService (f7ca3accf5aa0e2182546c5be42b2e96) C:\Windows\system32\drivers\CHDRT64.sys
20:35:48.0197 6428 CnxtHdAudService - ok
20:35:48.0277 6428 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:35:48.0287 6428 Compbatt - ok
20:35:48.0327 6428 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:35:48.0337 6428 CompositeBus - ok
20:35:48.0427 6428 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:35:48.0437 6428 crcdisk - ok
20:35:48.0497 6428 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:35:48.0497 6428 DfsC - ok
20:35:48.0587 6428 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:35:48.0587 6428 discache - ok
20:35:48.0627 6428 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:35:48.0637 6428 Disk - ok
20:35:48.0744 6428 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
20:35:48.0744 6428 Dot4 - ok
20:35:48.0806 6428 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
20:35:48.0806 6428 Dot4Print - ok
20:35:48.0869 6428 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
20:35:48.0884 6428 dot4usb - ok
20:35:48.0915 6428 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:35:48.0931 6428 drmkaud - ok
20:35:48.0978 6428 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:35:48.0993 6428 DXGKrnl - ok
20:35:49.0134 6428 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:35:49.0212 6428 ebdrv - ok
20:35:49.0321 6428 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:35:49.0337 6428 elxstor - ok
20:35:49.0415 6428 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:35:49.0415 6428 ErrDev - ok
20:35:49.0461 6428 ETD (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys
20:35:49.0461 6428 ETD - ok
20:35:49.0539 6428 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:35:49.0539 6428 exfat - ok
20:35:49.0571 6428 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:35:49.0571 6428 fastfat - ok
20:35:49.0602 6428 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:35:49.0602 6428 fdc - ok
20:35:49.0680 6428 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:35:49.0680 6428 FileInfo - ok
20:35:49.0695 6428 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:35:49.0695 6428 Filetrace - ok
20:35:49.0836 6428 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:35:49.0836 6428 flpydisk - ok
20:35:49.0883 6428 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:35:49.0898 6428 FltMgr - ok
20:35:49.0914 6428 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:35:49.0914 6428 FsDepends - ok
20:35:50.0007 6428 fssfltr (5814011b2f6e088e29d689b5fcd49b8f) C:\Windows\system32\DRIVERS\fssfltr.sys
20:35:50.0007 6428 fssfltr - ok
20:35:50.0054 6428 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:35:50.0054 6428 Fs_Rec - ok
20:35:50.0148 6428 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:35:50.0148 6428 fvevol - ok
20:35:50.0195 6428 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:35:50.0195 6428 gagp30kx - ok
20:35:50.0288 6428 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:35:50.0288 6428 GEARAspiWDM - ok
20:35:50.0397 6428 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:35:50.0397 6428 hcw85cir - ok
20:35:50.0444 6428 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:35:50.0460 6428 HdAudAddService - ok
20:35:50.0538 6428 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:35:50.0553 6428 HDAudBus - ok
20:35:50.0600 6428 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:35:50.0616 6428 HECIx64 - ok
20:35:50.0678 6428 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:35:50.0678 6428 HidBatt - ok
20:35:50.0709 6428 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:35:50.0725 6428 HidBth - ok
20:35:50.0741 6428 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:35:50.0741 6428 HidIr - ok
20:35:50.0865 6428 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:35:50.0865 6428 HidUsb - ok
20:35:50.0975 6428 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:35:50.0990 6428 HpSAMD - ok
20:35:51.0053 6428 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
20:35:51.0053 6428 HTCAND64 - ok
20:35:51.0162 6428 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:35:51.0162 6428 HTTP - ok
20:35:51.0255 6428 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:35:51.0255 6428 hwpolicy - ok
20:35:51.0318 6428 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:35:51.0318 6428 i8042prt - ok
20:35:51.0396 6428 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
20:35:51.0396 6428 iaStor - ok
20:35:51.0458 6428 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:35:51.0474 6428 iaStorV - ok
20:35:51.0583 6428 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:35:51.0583 6428 iirsp - ok
20:35:51.0630 6428 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:35:51.0630 6428 intelide - ok
20:35:51.0661 6428 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:35:51.0661 6428 intelppm - ok
20:35:51.0755 6428 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:35:51.0755 6428 IpFilterDriver - ok
20:35:51.0786 6428 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:35:51.0801 6428 IPMIDRV - ok
20:35:51.0833 6428 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:35:51.0833 6428 IPNAT - ok
20:35:51.0926 6428 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:35:51.0926 6428 IRENUM - ok
20:35:51.0957 6428 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:35:51.0957 6428 isapnp - ok
20:35:51.0989 6428 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:35:52.0004 6428 iScsiPrt - ok
20:35:52.0082 6428 JMCR (db917b998cbc15a153c00dd6efc34c13) C:\Windows\system32\DRIVERS\jmcr.sys
20:35:52.0098 6428 JMCR - ok
20:35:52.0129 6428 JME (6249a8a49d3d80adc136c4a332a28bbb) C:\Windows\system32\DRIVERS\JME.sys
20:35:52.0129 6428 JME - ok
20:35:52.0207 6428 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:35:52.0207 6428 kbdclass - ok
20:35:52.0254 6428 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:35:52.0254 6428 kbdhid - ok
20:35:52.0347 6428 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
20:35:52.0347 6428 kbfiltr - ok
20:35:52.0379 6428 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:35:52.0379 6428 KSecDD - ok
20:35:52.0410 6428 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:35:52.0425 6428 KSecPkg - ok
20:35:52.0503 6428 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:35:52.0503 6428 ksthunk - ok
20:35:52.0550 6428 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:35:52.0550 6428 lltdio - ok
20:35:52.0644 6428 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:35:52.0659 6428 LSI_FC - ok
20:35:52.0675 6428 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:35:52.0691 6428 LSI_SAS - ok
20:35:52.0722 6428 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:35:52.0722 6428 LSI_SAS2 - ok
20:35:52.0815 6428 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:35:52.0815 6428 LSI_SCSI - ok
20:35:52.0847 6428 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:35:52.0847 6428 luafv - ok
20:35:52.0893 6428 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
20:35:52.0893 6428 lullaby - ok
20:35:53.0081 6428 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:35:53.0081 6428 megasas - ok
20:35:53.0112 6428 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:35:53.0127 6428 MegaSR - ok
20:35:53.0221 6428 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
20:35:53.0221 6428 mfeapfk - ok
20:35:53.0283 6428 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
20:35:53.0283 6428 mfeavfk - ok
20:35:53.0393 6428 mfeavfk01 - ok
20:35:53.0455 6428 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
20:35:53.0455 6428 mfefirek - ok
20:35:53.0564 6428 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
20:35:53.0580 6428 mfehidk - ok
20:35:53.0658 6428 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
20:35:53.0673 6428 mfenlfk - ok
20:35:53.0705 6428 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
20:35:53.0705 6428 mferkdet - ok
20:35:53.0827 6428 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
20:35:53.0827 6428 mfewfpk - ok
20:35:53.0867 6428 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:35:53.0867 6428 Modem - ok
20:35:53.0897 6428 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:35:53.0897 6428 monitor - ok
20:35:53.0977 6428 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:35:53.0977 6428 mouclass - ok
20:35:54.0017 6428 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:35:54.0017 6428 mouhid - ok
20:35:54.0107 6428 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:35:54.0107 6428 mountmgr - ok
20:35:54.0147 6428 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:35:54.0147 6428 mpio - ok
20:35:54.0177 6428 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:35:54.0177 6428 mpsdrv - ok
20:35:54.0267 6428 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
20:35:54.0277 6428 MREMP50 - ok
20:35:54.0357 6428 MREMP50a64 (c2758df79c83a0d12a5599a040ca1818) C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
20:35:54.0367 6428 MREMP50a64 - ok
20:35:54.0367 6428 MREMPR5 - ok
20:35:54.0377 6428 MRENDIS5 - ok
20:35:54.0477 6428 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
20:35:54.0477 6428 MRESP50 - ok
20:35:54.0557 6428 MRESP50a64 (38bd5b32e0722752be8465d2a6da43d9) C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
20:35:54.0557 6428 MRESP50a64 - ok
20:35:54.0637 6428 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:35:54.0647 6428 MRxDAV - ok
20:35:54.0687 6428 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:35:54.0687 6428 mrxsmb - ok
20:35:54.0727 6428 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:35:54.0737 6428 mrxsmb10 - ok
20:35:54.0807 6428 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:35:54.0807 6428 mrxsmb20 - ok
20:35:54.0847 6428 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:35:54.0847 6428 msahci - ok
20:35:54.0877 6428 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:35:54.0877 6428 msdsm - ok
20:35:54.0957 6428 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:35:54.0957 6428 Msfs - ok
20:35:54.0987 6428 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:35:54.0987 6428 mshidkmdf - ok
20:35:55.0017 6428 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:35:55.0017 6428 msisadrv - ok
20:35:55.0107 6428 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:35:55.0107 6428 MSKSSRV - ok
20:35:55.0127 6428 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:35:55.0127 6428 MSPCLOCK - ok
20:35:55.0147 6428 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:35:55.0147 6428 MSPQM - ok
20:35:55.0187 6428 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:35:55.0187 6428 MsRPC - ok
20:35:55.0247 6428 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:35:55.0257 6428 mssmbios - ok
20:35:55.0297 6428 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:35:55.0297 6428 MSTEE - ok
20:35:55.0317 6428 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:35:55.0317 6428 MTConfig - ok
20:35:55.0407 6428 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
20:35:55.0407 6428 MTsensor - ok
20:35:55.0457 6428 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:35:55.0457 6428 Mup - ok
20:35:55.0557 6428 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:35:55.0567 6428 NativeWifiP - ok
20:35:55.0657 6428 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:35:55.0667 6428 NDIS - ok
20:35:55.0747 6428 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:35:55.0747 6428 NdisCap - ok
20:35:55.0777 6428 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:35:55.0777 6428 NdisTapi - ok
20:35:55.0817 6428 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:35:55.0817 6428 Ndisuio - ok
20:35:55.0926 6428 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:35:55.0926 6428 NdisWan - ok
20:35:55.0973 6428 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:35:55.0973 6428 NDProxy - ok
20:35:56.0067 6428 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:35:56.0067 6428 NetBIOS - ok
20:35:56.0113 6428 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:35:56.0113 6428 NetBT - ok
20:35:56.0223 6428 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:35:56.0223 6428 nfrd960 - ok
20:35:56.0238 6428 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:35:56.0238 6428 Npfs - ok
20:35:56.0269 6428 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:35:56.0269 6428 nsiproxy - ok
20:35:56.0316 6428 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:35:56.0332 6428 Ntfs - ok
20:35:56.0488 6428 ntk_dtv (10694a19236a6355741914c3737cf3a5) C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys
20:35:56.0488 6428 ntk_dtv - ok
20:35:56.0566 6428 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:35:56.0566 6428 Null - ok
20:35:56.0628 6428 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:35:56.0644 6428 nvraid - ok
20:35:56.0737 6428 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:35:56.0737 6428 nvstor - ok
20:35:56.0769 6428 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:35:56.0784 6428 nv_agp - ok
20:35:56.0862 6428 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:35:56.0878 6428 ohci1394 - ok
20:35:56.0940 6428 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:35:56.0940 6428 Parport - ok
20:35:57.0034 6428 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:35:57.0034 6428 partmgr - ok
20:35:57.0065 6428 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:35:57.0081 6428 pci - ok
20:35:57.0127 6428 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:35:57.0127 6428 pciide - ok
20:35:57.0174 6428 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:35:57.0174 6428 pcmcia - ok
20:35:57.0205 6428 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:35:57.0205 6428 pcw - ok
20:35:57.0252 6428 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:35:57.0252 6428 PEAUTH - ok
20:35:57.0408 6428 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
20:35:57.0408 6428 Point64 - ok
20:35:57.0455 6428 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:35:57.0455 6428 PptpMiniport - ok
20:35:57.0543 6428 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:35:57.0553 6428 Processor - ok
20:35:57.0623 6428 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:35:57.0623 6428 Psched - ok
20:35:57.0743 6428 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:35:57.0763 6428 ql2300 - ok
20:35:57.0853 6428 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:35:57.0853 6428 ql40xx - ok
20:35:57.0873 6428 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:35:57.0883 6428 QWAVEdrv - ok
20:35:57.0893 6428 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:35:57.0903 6428 RasAcd - ok
20:35:57.0953 6428 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:35:57.0953 6428 RasAgileVpn - ok
20:35:58.0013 6428 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:35:58.0023 6428 Rasl2tp - ok
20:35:58.0063 6428 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:35:58.0073 6428 RasPppoe - ok
20:35:58.0093 6428 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:35:58.0093 6428 RasSstp - ok
20:35:58.0113 6428 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:35:58.0113 6428 rdbss - ok
20:35:58.0153 6428 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:35:58.0163 6428 rdpbus - ok
20:35:58.0203 6428 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:35:58.0203 6428 RDPCDD - ok
20:35:58.0243 6428 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:35:58.0243 6428 RDPENCDD - ok
20:35:58.0283 6428 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:35:58.0283 6428 RDPREFMP - ok
20:35:58.0353 6428 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:35:58.0363 6428 RDPWD - ok
20:35:58.0413 6428 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:35:58.0413 6428 rdyboost - ok
20:35:58.0473 6428 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:35:58.0473 6428 rspndr - ok
20:35:58.0533 6428 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:35:58.0533 6428 sbp2port - ok
20:35:58.0583 6428 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:35:58.0583 6428 scfilter - ok
20:35:58.0673 6428 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
20:35:58.0683 6428 sdbus - ok
20:35:58.0753 6428 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:35:58.0763 6428 secdrv - ok
20:35:58.0813 6428 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:35:58.0813 6428 Serenum - ok
20:35:58.0893 6428 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:35:58.0903 6428 Serial - ok
20:35:58.0963 6428 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:35:58.0973 6428 sermouse - ok
20:35:59.0023 6428 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:35:59.0033 6428 sffdisk - ok
20:35:59.0043 6428 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:35:59.0043 6428 sffp_mmc - ok
20:35:59.0083 6428 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:35:59.0083 6428 sffp_sd - ok
20:35:59.0133 6428 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:35:59.0133 6428 sfloppy - ok
20:35:59.0223 6428 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
20:35:59.0223 6428 SiSGbeLH - ok
20:35:59.0273 6428 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:35:59.0273 6428 SiSRaid2 - ok
20:35:59.0293 6428 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:35:59.0293 6428 SiSRaid4 - ok
20:35:59.0353 6428 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:35:59.0353 6428 Smb - ok
20:35:59.0473 6428 SNP2UVC (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys
20:35:59.0483 6428 SNP2UVC - ok
20:35:59.0533 6428 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:35:59.0533 6428 spldr - ok
20:35:59.0593 6428 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:35:59.0609 6428 srv - ok
20:35:59.0655 6428 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:35:59.0671 6428 srv2 - ok
20:35:59.0718 6428 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:35:59.0718 6428 srvnet - ok
20:35:59.0780 6428 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:35:59.0780 6428 stexstor - ok
20:35:59.0843 6428 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
20:35:59.0858 6428 StillCam - ok
20:35:59.0936 6428 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:35:59.0936 6428 swenum - ok
20:36:00.0045 6428 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:36:00.0061 6428 Tcpip - ok
20:36:00.0186 6428 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:36:00.0201 6428 TCPIP6 - ok
20:36:00.0295 6428 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:36:00.0311 6428 tcpipreg - ok
20:36:00.0342 6428 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:36:00.0342 6428 TDPIPE - ok
20:36:00.0357 6428 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:36:00.0373 6428 TDTCP - ok
20:36:00.0467 6428 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:36:00.0467 6428 tdx - ok
20:36:00.0512 6428 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:36:00.0512 6428 TermDD - ok
20:36:00.0632 6428 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:36:00.0632 6428 tssecsrv - ok
20:36:00.0722 6428 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:36:00.0722 6428 TsUsbFlt - ok
20:36:00.0832 6428 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:36:00.0832 6428 tunnel - ok
20:36:00.0862 6428 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:36:00.0872 6428 uagp35 - ok
20:36:00.0912 6428 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:36:00.0922 6428 udfs - ok
20:36:01.0002 6428 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:36:01.0002 6428 uliagpkx - ok
20:36:01.0042 6428 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:36:01.0052 6428 umbus - ok
20:36:01.0162 6428 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:36:01.0162 6428 UmPass - ok
20:36:01.0252 6428 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:36:01.0252 6428 USBAAPL64 - ok
20:36:01.0322 6428 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:36:01.0322 6428 usbaudio - ok
20:36:01.0372 6428 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:36:01.0382 6428 usbccgp - ok
20:36:01.0422 6428 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:36:01.0422 6428 usbcir - ok
20:36:01.0482 6428 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:36:01.0482 6428 usbehci - ok
20:36:01.0542 6428 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:36:01.0542 6428 usbhub - ok
20:36:01.0572 6428 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:36:01.0572 6428 usbohci - ok
20:36:01.0622 6428 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:36:01.0622 6428 usbprint - ok
20:36:01.0682 6428 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:36:01.0692 6428 usbscan - ok
20:36:01.0742 6428 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
20:36:01.0742 6428 USBSTOR - ok
20:36:01.0802 6428 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:36:01.0802 6428 usbuhci - ok
20:36:01.0872 6428 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:36:01.0882 6428 usbvideo - ok
20:36:01.0952 6428 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:36:01.0962 6428 vdrvroot - ok
20:36:02.0012 6428 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:36:02.0012 6428 vga - ok
20:36:02.0052 6428 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:36:02.0062 6428 VgaSave - ok
20:36:02.0102 6428 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:36:02.0102 6428 vhdmp - ok
20:36:02.0152 6428 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:36:02.0152 6428 viaide - ok
20:36:02.0202 6428 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:36:02.0212 6428 volmgr - ok
20:36:02.0262 6428 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:36:02.0272 6428 volmgrx - ok
20:36:02.0332 6428 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:36:02.0332 6428 volsnap - ok
20:36:02.0382 6428 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:36:02.0392 6428 vsmraid - ok
20:36:02.0412 6428 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:36:02.0412 6428 vwifibus - ok
20:36:02.0452 6428 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:36:02.0452 6428 vwififlt - ok
20:36:02.0512 6428 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:36:02.0512 6428 vwifimp - ok
20:36:02.0548 6428 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:36:02.0548 6428 WacomPen - ok
20:36:02.0626 6428 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:36:02.0626 6428 WANARP - ok
20:36:02.0641 6428 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:36:02.0641 6428 Wanarpv6 - ok
20:36:02.0704 6428 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:36:02.0704 6428 Wd - ok
20:36:02.0735 6428 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:36:02.0751 6428 Wdf01000 - ok
20:36:02.0875 6428 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:36:02.0875 6428 WfpLwf - ok
20:36:02.0907 6428 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
20:36:02.0922 6428 WimFltr - ok
20:36:03.0016 6428 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:36:03.0016 6428 WIMMount - ok
20:36:03.0172 6428 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:36:03.0172 6428 WinUsb - ok
20:36:03.0219 6428 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:36:03.0219 6428 WmiAcpi - ok
20:36:03.0328 6428 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:36:03.0328 6428 ws2ifsl - ok
20:36:03.0390 6428 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:36:03.0390 6428 WudfPf - ok
20:36:03.0484 6428 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:36:03.0484 6428 WUDFRd - ok
20:36:03.0531 6428 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:36:03.0577 6428 \Device\Harddisk0\DR0 - ok
20:36:03.0577 6428 Boot (0x1200) (ebe5a0099ba23ebcc937fbc0d1e36892) \Device\Harddisk0\DR0\Partition0
20:36:03.0577 6428 \Device\Harddisk0\DR0\Partition0 - ok
20:36:03.0593 6428 Boot (0x1200) (cff5cfc26d01647526390b9a2925bc93) \Device\Harddisk0\DR0\Partition1
20:36:03.0609 6428 \Device\Harddisk0\DR0\Partition1 - ok
20:36:03.0609 6428 ============================================================
20:36:03.0609 6428 Scan finished
20:36:03.0609 6428 ============================================================
20:36:03.0624 6952 Detected object count: 0
20:36:03.0624 6952 Actual detected object count: 0
20:36:23.0154 3224 Deinitialize success






ComboFix 12-01-31.01 - Tina 01/31/2012 20:45:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3949.2403 [GMT -6:00]
Running from: c:\users\Tina\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\FunWebProducts
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\programdata\FullRemove.exe
c:\users\Tina\AppData\Local\ie_runner_app.exe
c:\users\Tina\AppData\Roaming\.#
c:\users\Tina\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 03:24 . 2012-02-01 03:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-26 04:11 . 2012-01-26 04:11 -------- d-----w- c:\program files\iTunes
2012-01-26 04:11 . 2012-01-26 04:11 -------- d-----w- c:\program files (x86)\iTunes
2012-01-26 04:11 . 2012-01-26 04:11 -------- d-----w- c:\program files\iPod
2012-01-10 22:33 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-10 22:33 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-10 22:32 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-10 22:32 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-10 22:32 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-10 22:32 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-10 22:32 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-10 22:32 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-01-03 01:01 . 2012-01-03 01:01 -------- d-----w- c:\users\Mcx1-TINA-PC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 03:26 . 2010-05-28 00:43 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-01-03 00:53 . 2010-05-28 20:16 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-03 00:52 . 2010-05-28 20:16 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-03 00:52 . 2010-05-28 20:15 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-11 15:33 . 2011-05-17 02:52 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-30 03:06 . 2011-11-30 03:06 0 ---ha-w- c:\users\Tina\AppData\Local\BIT88A2.tmp
2011-11-24 04:52 . 2011-12-19 14:32 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 00:14 . 2011-11-22 00:14 485576 ----a-w- c:\users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2011-11-05 05:32 . 2011-12-19 14:31 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-19 14:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-20 02:11 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-20 02:11 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-20 02:11 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-20 02:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-20 02:11 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-20 02:11 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-20 02:11 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-20 02:11 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files (x86)\Coupons.com\prxtbCoup.dll" [2011-03-28 176936]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\Coupons.com\prxtbCoup.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files (x86)\Coupons.com\prxtbCoup.dll" [2011-03-28 176936]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Upromise Update"="c:\program files (x86)\Upromise\dca-ua.exe" [2010-12-02 175800]
"Facebook Update"="c:\users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-14 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Pinyin IME Migration"="c:\progra~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-11-04 33128]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-1-16 12862]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-1-16 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC12.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-12 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-12 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-09-17 75048]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]
S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-09-17 82416]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1461187843-242729082-3767842669-1001Core.job
- c:\users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-14 16:55]
.
2012-02-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1461187843-242729082-3767842669-1001UA.job
- c:\users\Tina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-14 16:55]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-12 02:33]
.
2012-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-12 02:33]
.
2012-02-01 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-11-20 16:02]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-10-25 60264]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-06-30 3453440]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254 192.168.0.1
FF - ProfilePath - c:\users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\33q9h039.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Coupons.com Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1461187843-242729082-3767842669-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**9’„¢Š|]
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:4f28a3d4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
.
**************************************************************************
.
Completion time: 2012-01-31 21:39:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-01 03:39
.
Pre-Run: 27,762,978,816 bytes free
Post-Run: 28,149,833,728 bytes free
.
- - End Of File - - 69318F65F95A824E97E08F27FF03E213

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:04 PM

Posted 31 January 2012 - 11:01 PM

Quick question before we proceed. Is your browser still redirected?
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 TinaMW

TinaMW
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 01 February 2012 - 05:39 PM

OMG, I just tried it and it seems to be working correctly now. I hadn't even tried again until just now.

Does that mean it is fixed?

#8 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:04 PM

Posted 01 February 2012 - 10:56 PM

Much better. :thumbup2:

This next please..

:exclame: Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :exclame:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the all of the text in the quotebox below (including the hyperlink if present) into it:

4. Combofix might upload a few suspicious files. Please allow this!!

http://www.bleepingcomputer.com/forums/topic440409.html/page__pid__2580625#entry2580625

Suspect::[89]
c:\windows\system32\acovcnt.exe

File::
c:\users\Tina\AppData\Local\BIT88A2.tmp


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Please go to Windows Orb(lower left) => Copy and paste the bold line in the search box and click Enter:

"C:\Qoobox\Add-Remove Programs.txt"

A text file opens up, copy and paste the content to your reply.

How is your computer running now?

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#9 TinaMW

TinaMW
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 02 February 2012 - 06:56 PM

Update for Microsoft Office 2007 (KB2508958)
ÊÍÏíË áÜ Microsoft Office Excel 2007 Help (KB963678)
ÊÍÏíË áÜ Microsoft Office Powerpoint 2007 Help (KB963669)
ÊÍÏíË áÜ Microsoft Office Word 2007 Help (KB963665)
2007 Microsoft Office system
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Actualização do Microsoft Office Excel 2007 Help (KB963678)
Actualização do Microsoft Office Powerpoint 2007 Help (KB963669)
Actualização do Microsoft Office Word 2007 Help (KB963665)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.5.0 MUI
Adobe Shockwave Player 11.5
Amazon Add to Wish List IE Extension 1.2
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS AP Bank
ASUS CopyProtect
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
AT&T Service & Support Tool
ATK Package
att.net Toolbar
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
Bing Bar
BufferChm
C4700
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Choice Guard
Cisco Connect
Computer Requirements 1.0
ControlDeck
Coupon Printer for Windows
Coupons.com Toolbar
CyberLink LabelPrint
CyberLink Power2Go
Destinations
DeviceDiscovery
DIRECTV2PC Playback Advisor
DIRECTV2PC™
Download Updater (AOL LLC)
Facebook Video Calling 1.1.1.1
FlipShare
Google Earth
Google Update Helper
GPBaseService2
HP Photo Creations
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel® Management Engine Components
Java Auto Updater
Java™ 6 Update 24
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
K_Series_ScreenSaver_EN
MarketResearch
McAfee Internet Security Suite
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Arabic) 2007
Microsoft Office Access MUI (Chinese (Simplified)) 2007
Microsoft Office Access MUI (Chinese (Traditional)) 2007
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (French) 2007
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Access MUI (Portuguese (Portugal)) 2007
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Access MUI (Thai) 2007
Microsoft Office Access MUI (Turkish) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel 2007 Help ©ºÑºÍѾഷ (KB963678)
Microsoft Office Excel 2007 Help ¸üР(KB963678)
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel 2007 Help Güncelleþtirmesi (KB963678)
Microsoft Office Excel 2007 Help §ó·sµ{¦¡ (KB963678)
Microsoft Office Excel MUI (Arabic) 2007
Microsoft Office Excel MUI (Chinese (Simplified)) 2007
Microsoft Office Excel MUI (Chinese (Traditional)) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Excel MUI (Thai) 2007
Microsoft Office Excel MUI (Turkish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office IME (Chinese (Simplified)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook 2007 Help ¸üР(KB963677)
Microsoft Office Outlook 2007 Help Actualización (KB963677)
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Arabic) 2007
Microsoft Office Outlook MUI (Chinese (Simplified)) 2007
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office Outlook MUI (Thai) 2007
Microsoft Office Outlook MUI (Turkish) 2007
Microsoft Office Powerpoint 2007 Help ©ºÑºÍѾഷ (KB963669)
Microsoft Office Powerpoint 2007 Help ¸üР(KB963669)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office Powerpoint 2007 Help Güncelleþtirmesi (KB963669)
Microsoft Office Powerpoint 2007 Help §ó·sµ{¦¡ (KB963669)
Microsoft Office PowerPoint 2007 §ó·sµ{¦¡ (KB963669)
Microsoft Office PowerPoint MUI (Arabic) 2007
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (Thai) 2007
Microsoft Office PowerPoint MUI (Turkish) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Chinese (Simplified)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Thai) 2007
Microsoft Office Proof (Turkish) 2007
Microsoft Office Proofing (Arabic) 2007
Microsoft Office Proofing (Chinese (Simplified)) 2007
Microsoft Office Proofing (Chinese (Traditional)) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing (Portuguese (Portugal)) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing (Thai) 2007
Microsoft Office Proofing (Turkish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Arabic) 2007
Microsoft Office Publisher MUI (Chinese (Simplified)) 2007
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Publisher MUI (Thai) 2007
Microsoft Office Publisher MUI (Turkish) 2007
Microsoft Office Shared MUI (Arabic) 2007
Microsoft Office Shared MUI (Chinese (Simplified)) 2007
Microsoft Office Shared MUI (Chinese (Traditional)) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared MUI (Thai) 2007
Microsoft Office Shared MUI (Turkish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007 Help ©ºÑºÍѾഷ (KB963665)
Microsoft Office Word 2007 Help ¸üР(KB963665)
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word 2007 Help Güncelleþtirmesi (KB963665)
Microsoft Office Word 2007 Help §ó·sµ{¦¡ (KB963665)
Microsoft Office Word 2007 §ó·sµ{¦¡ (KB963665)
Microsoft Office Word MUI (Arabic) 2007
Microsoft Office Word MUI (Chinese (Simplified)) 2007
Microsoft Office Word MUI (Chinese (Traditional)) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Portugal)) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Office Word MUI (Thai) 2007
Microsoft Office Word MUI (Turkish) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Octoshape add-in for Adobe Flash Player
PS_AIO_06_C4700_SW_Min
QuickTime
QuickTransfer
Roblox for Tina
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
ShufflePlusVLOI
SmartWebPrinting
SolutionCenter
Status
Swag Bucks Toolbar
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Upromise TurboSaver (remove only)
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinFlash
Wireless Console 3
Yahoo! Software Update




Seems to be working great. It isn't redirecting from Google and it seems to have even sped up a little... not that it was running slow. How is it looking on your side?

Attached Files



#10 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:04 PM

Posted 02 February 2012 - 10:14 PM

Your looking great!!

Few last steps..

We need to bring your Java up to date.

  • Update your Java version here:

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
  • Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

==========

I'd like us to scan your machine with ESET OnlineScan
  • Right click on the following link and open ESET OnlineScan in a new window.ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

==========

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Do any problems remain?

Kind regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#11 TinaMW

TinaMW
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 06 February 2012 - 11:55 AM

Hi!

I updated the Java version and removed the older versions; however, when I came to the part about scanning with ESET, it does not give me the option to do an onlinescan. Or, maybe I am just not seeing it so I stopped there. Can you check and let me know what I am missing there please?

Thanks!

Tina

#12 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:04 PM

Posted 06 February 2012 - 03:26 PM

What browser are you using? Which of these steps did not work for you?
http://www.bleepingcomputer.com/forums/topic440409.html/page__view__findpost__p__2582525

Please clarify?
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#13 TinaMW

TinaMW
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 06 February 2012 - 10:19 PM

I found it... sorry about that.

C:\Users\Tina\AppData\LocalLow\FunWebProducts\Installr\Cache\00CAE15D.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\Users\Tina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\49e03e00-6ba24a38 Java/Agent.AC trojan deleted - quarantined





Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.06.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tina :: TINA-PC [administrator]

Protection: Enabled

2/6/2012 9:08:42 PM
mbam-log-2012-02-06 (21-08-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206440
Time elapsed: 5 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\W1WIWQ1NPG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:04 PM

Posted 07 February 2012 - 08:24 AM

Great!

Please give MBAM another run and make sure it returns clean without detections please. Let me know.

Thanks,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#15 TinaMW

TinaMW
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 10 February 2012 - 08:00 PM

Thanks!

Sorry it took so long to reply this time... this week has been crazy.

Here is the latest scan:


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.10.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tina :: TINA-PC [administrator]

Protection: Enabled

2/10/2012 6:51:44 PM
mbam-log-2012-02-10 (18-51-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206838
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users