P C Might Max -Malware Infection-Really Messed up PC


  • This topic is locked
51 replies to this topic

#1 Char02

  • Members
  • 31 posts
  • Gender:Female
  • Location:Indiana

Posted 26 February 2012 - 10:48 PM

Hi, and thanks for any help you may be able to give me. Boopme helped me get to this point. The below link shows the initial problem, but please read the additional information from me to Boopme. This problem started after I made my first post. It took two times powering off my PC this time to open Internet Explorer and get to this web site, to follow Boopme's instructions. This sentence only makes sense after you read the information in the link below.
I really appreciate any help you may be able to give me. Thanks again!!! Char


My link

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Charlotte at 22:03:11 on 2012-02-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3061.1705 [GMT -5:00]
.
AV: Trend Micro Titanium *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Trend Micro Titanium *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe
C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files (x86)\PC MightyMax 2011\TrayIcon.exe
C:\Program Files (x86)\RebateInformer\RebateInf.exe
C:\Users\Charlotte\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Program Files (x86)\AirLink101\AWLH6075\Common\RaUI.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spyware Doctor\Update.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80291&lng=en
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
uURLSearchHooks: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
mURLSearchHooks: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - C:\PROGRA~2\REBATE~1\RebateI.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [RebateInformer] C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP
uRun: [SmileboxTray] "C:\Users\Charlotte\AppData\Roaming\Smilebox\SmileboxTray.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRLIN~1.LNK - C:\Program Files (x86)\AirLink101\AWLH6075\Common\RaUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{325133A8-B369-404F-A1CD-533921ABE35C} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CC9E194E-6661-454B-A8A2-3E8026FBA6F2} : DhcpNameServer = 192.168.1.1
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~2\REBATE~1\RebateI.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: : {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~2\REBATE~1\RebateI.dll
BHO-X64: Inbox Toolbar: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO-X64: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
BHO-X64: SmileBox EN - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: &Inbox Toolbar: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
R0 TfSysMon;TfSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 pctgntdi;pctgntdi;\??\C:\Windows\system32\drivers\pctgntdi64.sys --> C:\Windows\system32\drivers\pctgntdi64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-2-10 256336]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe [2011-11-9 75040]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe [2011-11-9 210720]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2012-2-10 365280]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2012-2-10 1141712]
R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-27 909152]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 pctplsg;pctplsg;\??\C:\Windows\System32\drivers\pctplsg64.sys --> C:\Windows\System32\drivers\pctplsg64.sys [?]
R3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
R3 ThreatFire;ThreatFire;C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe service --> C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe service [?]
R3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-9 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-9 136176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-15 01:29:36 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 01:29:36 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 01:29:34 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 01:29:34 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 01:29:32 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 01:29:29 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 01:29:14 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 01:29:14 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-10 23:34:00 -------- d-----w- C:\temp
2012-02-10 23:17:00 105552 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2012-02-10 23:16:54 90704 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2012-02-10 23:16:54 67664 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2012-02-10 23:16:54 144464 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-02-10 23:07:16 -------- d-----w- C:\ProgramData\Trend Micro
2012-02-10 23:06:59 -------- d-----w- C:\Program Files\Trend Micro
2012-02-10 09:49:08 388096 ----a-r- C:\Users\Charlotte\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-10 09:49:08 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-10 09:37:29 65072 --s---w- C:\Windows\System32\drivers\TfFsMon.sys
2012-02-10 09:37:29 60416 --s---w- C:\Windows\System32\drivers\TfSysMon.sys
2012-02-10 09:37:29 41888 --s---w- C:\Windows\System32\drivers\TfNetMon.sys
2012-02-10 09:16:36 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-02-10 09:16:36 133072 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-02-10 09:16:28 218056 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-02-10 09:16:24 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-02-10 09:16:18 -------- d-----w- C:\Users\Charlotte\AppData\Roaming\PC Tools
2012-02-10 09:16:18 -------- d-----w- C:\ProgramData\PC Tools
2012-02-10 09:16:18 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2012-02-10 09:16:18 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-02-10 09:07:43 -------- d-----w- C:\Users\Charlotte\AppData\Roaming\GetRightToGo
2012-02-04 10:31:57 -------- d-----w- C:\Users\Charlotte\AppData\Roaming\licenses
2012-02-04 10:31:55 -------- d-----w- C:\Users\Charlotte\AppData\Roaming\PCMM2009
2012-02-04 10:31:52 -------- d-----w- C:\Users\Charlotte\AppData\Roaming\PCMM2011
2012-02-04 10:31:17 -------- d-----w- C:\Program Files (x86)\PC MightyMax 2011
2012-02-04 10:08:50 -------- d-----w- C:\Users\Charlotte\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-02-03 20:37:24 -------- d-----w- C:\Users\Charlotte\AppData\Local\Smilebox
2012-02-03 20:29:01 -------- d-----w- C:\Program Files (x86)\Conduit
2012-02-03 20:29:00 -------- d-----w- C:\Users\Charlotte\AppData\Local\Conduit
2012-02-03 20:28:59 -------- d-----w- C:\Program Files (x86)\SmileBox_EN
2012-02-03 20:14:56 -------- d-----w- C:\Users\Charlotte\AppData\Roaming\Smilebox
2012-02-03 00:32:23 -------- d-----w- C:\Users\Charlotte\AppData\Local\Apps
2012-02-01 16:08:56 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05CA3C8F-0AAE-479E-8E97-9EC6BAC4815F}\mpengine.dll
.
==================== Find3M ====================
.
2012-01-10 15:27:44 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-31 09:00:08 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-12-31 09:00:08 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-07 15:39:10 279096 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 22:10:23.28 ===============

Edited by m0le, 23 March 2012 - 04:54 PM.
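The DDS log above is the kind of thing the helpers here read by hand: three antivirus products report as enabled at the same time, and the Pseudo HJT section lists the browser helper objects, toolbars, search hooks and Run-key autostarts. The Python script below is an added example for readers of this thread; it is not DDS's code, not BleepingComputer's, and not something m0le posted. It parses the AV:/SP: product lines and the Pseudo HJT section, de-duplicates the 32-bit and 64-bit registry views, and flags entries using three triage rules of my own (image in a user-writable profile path, 8.3 short path that hides the real folder name, COM object registered without a display name). The log embedded in it is a constructed excerpt of the one posted here.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: an excerpt modelled on the DDS log posted above.
SAMPLE_DDS = r"""
AV: Trend Micro Titanium *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80291&lng=en
uURLSearchHooks: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - C:\PROGRA~2\REBATE~1\RebateI.dll
TB: SmileBox EN Toolbar: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll
uRun: [RebateInformer] C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP
uRun: [SmileboxTray] "C:\Users\Charlotte\AppData\Roaming\Smilebox\SmileboxTray.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
BHO-X64: Trend Micro NSC BHO - No File
.
============= SERVICES / DRIVERS ===============
"""

# AV:/SP:/FW: product lines DDS takes from Security Center.
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(Enabled|Disabled)/(Updated|Outdated)\* \{[0-9A-Fa-f-]+\}$")
# COM registrations (BHO, toolbar, URLSearchHook), 32- or 64-bit registry view.
COM_RE = re.compile(r"^(?P<kind>[um]?(?:BHO|TB|URLSearchHooks)(?:-x64)?): (?P<name>.*?): "
                    r"\{[0-9A-Fa-f-]+\} - (?P<path>.+)$", re.I)
# Run-key autostarts: u = HKCU (per-user), m = HKLM (machine-wide).
RUN_RE = re.compile(r"^(?P<kind>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$", re.I)

@dataclass
class Entry:
    kind: str                      # BHO, TB, URLSearchHooks or Run
    scope: str                     # 'u' (HKCU), 'm' (HKLM), '' where DDS gives none
    name: str
    path: str
    flags: list = field(default_factory=list)

def _split_kind(raw: str):
    """'mRun-x64' -> ('Run','m'); 'BHO-X64' -> ('BHO',''); 'uURLSearchHooks' -> ('URLSearchHooks','u')."""
    base = re.sub(r"-x64$", "", raw, flags=re.I)
    if base[0] in "um" and base[1:] in ("Run", "URLSearchHooks"):
        return base[1:], base[0]
    return base, ""

def _exe_from_command(cmd: str) -> str:
    """Image path of a Run value: the quoted token, else the first bare token."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd

def _flags(path: str, name: str) -> list:
    """My triage heuristics (not DDS's): reasons to look at an entry before the rest."""
    p, out = path.lower(), []
    if "\\users\\" in p or "\\appdata\\" in p or "\\programdata\\" in p:
        out.append("runs from a user-writable profile/ProgramData path")
    if re.search(r"~\d", path):
        out.append("8.3 short path; expand it before judging the vendor")
    if not name.strip():
        out.append("registered with no display name")
    if not p.startswith(("c:\\windows\\", "c:\\program files", "c:\\progra~")):
        out.append("outside Windows and Program Files")
    return out

def triage(log_text: str) -> dict:
    """Enabled AV engines, IE start page, all autostart entries and the flagged subset."""
    products, entries, seen, home, in_hjt = [], [], set(), None, False
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        m = PRODUCT_RE.match(line)
        if m:
            products.append((m.group(1), m.group(2), m.group(3) == "Enabled"))
            continue
        if line.startswith("====="):                 # section header
            in_hjt = "Pseudo HJT Report" in line
            continue
        if not in_hjt:
            continue
        if line.startswith("uStart Page = "):
            home = line.split("= ", 1)[1]             # DDS defangs http as hxxp
            continue
        m = COM_RE.match(line)
        if m:
            kind, scope = _split_kind(m["kind"])
            name, path = m["name"], m["path"]
        else:
            m = RUN_RE.match(line)
            if not m:
                continue    # 'No File' leftovers, policies, DPF, TCP lines: not handled here
            kind, scope = _split_kind(m["kind"])
            name, path = m["name"], _exe_from_command(m["cmd"])
        key = (kind, scope, name.lower(), path.lower())
        if key in seen:         # same value seen from the 32-bit and 64-bit registry views
            continue
        seen.add(key)
        entries.append(Entry(kind, scope, name, path, _flags(path, name)))
    enabled_av = [n for k, n, on in products if k == "AV" and on]
    return {"enabled_av": enabled_av, "home_page": home, "entries": entries,
            "suspect": [e for e in entries if e.flags]}

if __name__ == "__main__":
    r = triage(SAMPLE_DDS)
    print(f"{len(r['enabled_av'])} AV engines enabled at once: {', '.join(r['enabled_av'])}")
    for e in sorted(r["suspect"], key=lambda e: -len(e.flags)):
        print(f"[{e.scope}{e.kind}] {e.name or '<no name>'}: {e.path}  <- {'; '.join(e.flags)}")
```

Run it as-is to see the summary for the embedded excerpt, or pass the text of a full DDS.txt to triage(). The flags are prompts for a human look, not verdicts: a vendor's own tray tool can legitimately live in AppData, and short PROGRA~2 paths usually just resolve to Program Files (x86). What the script does make obvious at a glance is the part a helper will usually deal with first, namely three real-time AV engines fighting over the same machine.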


#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 29 February 2012 - 06:44 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Char02
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Female
  • Location:Indiana

Posted 01 March 2012 - 08:52 AM

Hi, thanks for answering. I have tried for a couple of days to get to this site, but my PC is really having trouble staying on, seems to lock up since I pulled this stupid stunt. So, I know you are really busy, and I will get back to you as soon as I possibly can, on this computer. Powering off and on seems to help sometimes. And thanks for helping me. I really appreciate it. You guys (and girls) are a godsend.

Just let me know what you want me to do and I will do it. Just remember, you will have to give me some guidance, I'm not real proficient at going deep into the depths of this thing.

Thanks again. Char

#4 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 01 March 2012 - 08:36 PM

We will start with a check on what might be conducting the mayhem in your machine.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then run a rootkit scanner

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE
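One thing worth doing once the TDSSKiller report comes back, as an added example for this thread rather than anything m0le asked for, and not code from Kaspersky, DDS or BleepingComputer: join the report against the SERVICES / DRIVERS section of the DDS log in the first post. DDS printed `[?]` for most of the kernel drivers there, meaning it could not read the file's date and size, while TDSSKiller lists every driver with its MD5 and a per-driver verdict. The script below parses both formats, attaches TDSSKiller's hash and verdict to each `[?]` driver, and separately lists anything TDSSKiller did not mark `- ok`. Both embedded logs are constructed excerpts modelled on the logs in this thread; the `examplesvc` driver and its non-ok verdict line are invented to exercise that path and are not TDSSKiller's wording.

```python
import re

# Constructed excerpts modelled on the two logs in this thread: the DDS
# SERVICES / DRIVERS section (where "[?]" means DDS could not read the file's
# date and size) and a TDSSKiller report as written by "-l report.txt".
# "examplesvc" and its non-ok verdict line are invented to exercise that path.
SAMPLE_DDS_SERVICES = r"""
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-2-10 256336]
R3 examplesvc;examplesvc;C:\Windows\system32\DRIVERS\examplesvc.sys --> C:\Windows\system32\DRIVERS\examplesvc.sys [?]
"""

SAMPLE_TDSSKILLER = r"""
07:23:02.0350 4656 MBR used
07:23:02.0350 4656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2A8C6DD3
07:23:27.0630 5548 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
07:23:27.0640 5548 AVGIDSEH - ok
07:23:28.0240 5548 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
07:23:28.0260 5548 Avgrkx64 - ok
07:23:31.0500 5548 examplesvc (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\examplesvc.sys
07:23:31.0510 5548 examplesvc - detected (constructed sample verdict, not TDSSKiller's wording)
"""

# DDS: "<state> <service>;<display name>;<image path> [<date size> | ?]"
DDS_SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<rest>.+?) \[(?P<info>[^\]]*)\]$")
# TDSSKiller: "<hh:mm:ss.ffff> <pid> <body>"; body is "<svc> (<md5>) <path>" or "<svc> - <verdict>"
TDSS_LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4}) (?P<pid>\d+) (?P<body>.*)$")
TDSS_FILE_RE = re.compile(r"^(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
TDSS_VERDICT_RE = re.compile(r"^(?P<svc>\S+) - (?P<verdict>.+)$")


def parse_dds_services(text: str) -> dict:
    """Service name (lower-cased) -> (start state, display name, '?' or 'date size')."""
    out = {}
    for line in text.splitlines():
        m = DDS_SVC_RE.match(line.strip())
        if m:
            out[m["svc"].lower()] = (m["state"], m["display"], m["info"])
    return out


def parse_tdsskiller(text: str) -> dict:
    """Service name (lower-cased) -> {name, md5, path, verdict}; verdict is the text after ' - '."""
    out = {}
    for line in text.splitlines():
        m = TDSS_LINE_RE.match(line.strip())
        if not m:
            continue
        f = TDSS_FILE_RE.match(m["body"])
        if f:
            out[f["svc"].lower()] = {"name": f["svc"], "md5": f["md5"], "path": f["path"], "verdict": None}
            continue
        v = TDSS_VERDICT_RE.match(m["body"])
        if v and v["svc"].lower() in out:          # the verdict line follows its file line
            out[v["svc"].lower()]["verdict"] = v["verdict"]
    return out


def cross_check(dds_text: str, tdss_text: str) -> dict:
    """Attach TDSSKiller's MD5/verdict to every DDS '[?]' driver; list anything not marked ok."""
    dds, tdss = parse_dds_services(dds_text), parse_tdsskiller(tdss_text)
    resolved = []
    for key, (state, display, info) in dds.items():
        if info != "?":
            continue                                # DDS already read the file; nothing to resolve
        t = tdss.get(key)
        resolved.append({"svc": key, "state": state, "display": display,
                         "md5": t["md5"] if t else None,
                         "verdict": t["verdict"] if t else "not in TDSSKiller report"})
    attention = [t for t in tdss.values() if t["verdict"] != "ok"]
    return {"resolved": resolved, "attention": attention}


if __name__ == "__main__":
    r = cross_check(SAMPLE_DDS_SERVICES, SAMPLE_TDSSKILLER)
    for row in r["resolved"]:
        print(f"{row['state']} {row['svc']:<12} md5={row['md5']} verdict={row['verdict']}")
    for t in r["attention"]:
        print(f"ATTENTION: {t['name']} {t['path']} -> {t['verdict']}")
```

Feed it the whole DDS.txt and report.txt to get the full table. The MD5s can then be checked against the vendor's own file or a hash lookup service, which is the step that turns a `[?]` into a decision; the script only does the matching, it does not judge a driver on its own.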

#5 Char02
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Female
  • Location:Indiana

Posted 03 March 2012 - 08:08 AM

Hi m0le, and thanks for helping me. I could not get my PC to boot up yesterday (even after 4 power downs), but now I have your instructions, I will try to do as you ask.

Here is the first log you requested:

07:22:47.0040 4656 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
07:22:49.0040 4656 ============================================================
07:22:49.0040 4656 Current date / time: 2012/03/03 07:22:49.0040
07:22:49.0040 4656 SystemInfo:
07:22:49.0040 4656
07:22:49.0040 4656 OS Version: 6.1.7601 ServicePack: 1.0
07:22:49.0040 4656 Product type: Workstation
07:22:49.0040 4656 ComputerName: CHARLOTTE-PC
07:22:49.0040 4656 UserName: Charlotte
07:22:49.0040 4656 Windows directory: C:\Windows
07:22:49.0040 4656 System windows directory: C:\Windows
07:22:49.0040 4656 Running under WOW64
07:22:49.0040 4656 Processor architecture: Intel x64
07:22:49.0040 4656 Number of processors: 2
07:22:49.0040 4656 Page size: 0x1000
07:22:49.0040 4656 Boot type: Normal boot
07:22:49.0040 4656 ============================================================
07:23:02.0310 4656 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:23:02.0340 4656 \Device\Harddisk0\DR0:
07:23:02.0350 4656 MBR used
07:23:02.0350 4656 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2A8C6DD3
07:23:02.0350 4656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2A8C75D3, BlocksNum 0xFABD66E
07:23:02.0480 4656 Initialize success
07:23:02.0480 4656 ============================================================
07:23:19.0080 5548 ============================================================
07:23:19.0080 5548 Scan started
07:23:19.0080 5548 Mode: Manual;
07:23:19.0080 5548 ============================================================
07:23:25.0300 5548 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:23:25.0300 5548 1394ohci - ok
07:23:25.0330 5548 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:23:25.0340 5548 ACPI - ok
07:23:25.0390 5548 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:23:25.0410 5548 AcpiPmi - ok
07:23:25.0760 5548 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:23:25.0780 5548 adp94xx - ok
07:23:25.0840 5548 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:23:25.0850 5548 adpahci - ok
07:23:25.0880 5548 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:23:25.0880 5548 adpu320 - ok
07:23:25.0980 5548 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
07:23:26.0020 5548 AFD - ok
07:23:26.0080 5548 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:23:26.0080 5548 agp440 - ok
07:23:26.0350 5548 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:23:26.0360 5548 aliide - ok
07:23:26.0380 5548 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:23:26.0390 5548 amdide - ok
07:23:26.0430 5548 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:23:26.0430 5548 AmdK8 - ok
07:23:26.0450 5548 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:23:26.0460 5548 AmdPPM - ok
07:23:26.0490 5548 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
07:23:26.0500 5548 amdsata - ok
07:23:26.0520 5548 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:23:26.0530 5548 amdsbs - ok
07:23:26.0560 5548 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
07:23:26.0560 5548 amdxata - ok
07:23:26.0940 5548 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:23:26.0940 5548 AppID - ok
07:23:27.0050 5548 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:23:27.0060 5548 arc - ok
07:23:27.0080 5548 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:23:27.0090 5548 arcsas - ok
07:23:27.0120 5548 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:23:27.0120 5548 AsyncMac - ok
07:23:27.0150 5548 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
07:23:27.0150 5548 atapi - ok
07:23:27.0370 5548 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
07:23:27.0400 5548 AVGIDSDriver - ok
07:23:27.0630 5548 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
07:23:27.0640 5548 AVGIDSEH - ok
07:23:27.0720 5548 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
07:23:27.0740 5548 AVGIDSFilter - ok
07:23:27.0770 5548 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
07:23:27.0790 5548 Avgldx64 - ok
07:23:41.0490 5548 ============================================================
07:23:41.0490 5548 Scan finished
07:23:41.0490 5548 ============================================================
07:23:41.0510 5620 Detected object count: 0
07:23:41.0510 5620 Actual detected object count: 0
07:24:08.0140 4408 Deinitialize success



Here is the 2nd report: Question: Did you want these two records sent to you as two responses or is this Ok as is?


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-03 07:37:38
-----------------------------
07:37:38.103 OS Version: Windows x64 6.1.7601 Service Pack 1
07:37:38.103 Number of processors: 2 586 0x1706
07:37:38.103 ComputerName: CHARLOTTE-PC UserName: Charlotte
07:37:39.503 Initialize success
07:38:17.653 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:38:17.663 Disk 0 Vendor: WDC_WD5000AAKS-22V1A0 05.01D05 Size: 476940MB BusType: 3
07:38:17.673 Disk 0 MBR read successfully
07:38:17.673 Disk 0 MBR scan
07:38:17.683 Disk 0 Windows 7 default MBR code
07:38:17.683 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 348557 MB offset 2048
07:38:17.713 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 128378 MB offset 713848275
07:38:17.753 Disk 0 scanning C:\Windows\system32\drivers
07:38:22.503 Service scanning
07:38:32.883 Modules scanning
07:38:32.893 Disk 0 trace - called modules:
07:38:32.913 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
07:38:32.913 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033b7790]
07:38:32.923 3 CLASSPNP.SYS[fffff88001b8843f] -> nt!IofCallDriver -> [0xfffffa80033b64e0]
07:38:32.933 5 PCTCore64.sys[fffff880010f15fc] -> nt!IofCallDriver -> [0xfffffa8002f38520]
07:38:33.153 7 ACPI.sys[fffff88000ee17a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002f3e060]
07:38:33.163 Scan finished successfully
07:39:18.353 Disk 0 MBR has been saved successfully to "C:\Users\Charlotte\Desktop\MBR.dat"
07:39:18.403 The log file has been saved successfully to "C:\Users\Charlotte\Desktop\aswMBR.txt"
07:54:56.811 Disk 0 MBR has been saved successfully to "C:\Users\Charlotte\Desktop\MBR.dat"
07:54:56.821 The log file has been saved successfully to "C:\Users\Charlotte\Desktop\aswMBR.txt"


Do you want me to delete the information from my desktop now, or will you tell me when you want me to do that?
Also, when I download a file (or anything) it does not give me the option as to "where to save it"; it just automatically goes to a "download" file. I then open the download file, "drag and drop" what I need
to my desktop, then continue your instructions. Is there an easier way?? I warned you I did not know much!!

And, thanks again so much for your help. I have no idea what we (people like me) would do without you!!!
Char

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:40 AM

Posted 03 March 2012 - 08:32 AM

Do you want me to delete the information from my desktop now, or will you tell me when you want me to do that?


I will tell you when, don't worry.


Also, when I download a file (or anything) it does not give me the option as to "where to save it"; it just automatically goes to a "download" file. I then open the download file, "drag and drop" what I need
to my desktop, then continue your instructions. Is there an easier way?? I warned you I did not know much!!


You can set the default location for the browser. Your description sounds like Firefox, and the instructions for that are here.


And, thanks again so much for your help. I have no idea what we (people like me) would do without you!!!


You're welcome, but we're not so different. I used to be a n00b once (as did everyone here, of course).


The logs are showing no signs of rootkit activity so we can move to the next phase and remove whatever is there.


Please run Combofix

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#7 Char02

Char02
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Female
  • Location:Indiana
  • Local time:01:40 AM

Posted 03 March 2012 - 07:16 PM

Hi again M0le: Thanks for the kind words. You are very nice.

I tried to do as you asked. Ran into a couple of problems. First 1.) I got all of the anti-virus programs to close with the exception of "P C Spyware Doctor". I followed the instruction in your line, to no avail. I have the trial version. I disabled everything I could in that program, and changed the time to re-enable to 1 hour, but got a screen telling me to disable that program before I click OK. Now I really don't know what to do. The screen is still active, and due to the warning saying that the Spyware Doctor is known to create major problems and wreck your computer, I just stopped everything. So HELP!

I am afraid to do anything now, even use the x and close the window. Please help and let me know what to do now. This PC puts itself to sleep when you don't hit the keyboard for a while. I am afraid to try to even stop this action. So, until you tell me something, I am just going to let things sit as is for now.

Thanks for everything you are doing for me.
Char

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:40 AM

Posted 03 March 2012 - 07:29 PM

You can uninstall it for now.

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click (or right-click, if you are using Vista) the "Add or Remove Programs" icon.
A list of programs installed will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Spyware Doctor

Additional instructions can be found here if needed.
m0le is a proud member of UNITE

#9 Char02

Char02
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Female
  • Location:Indiana
  • Local time:01:40 AM

Posted 06 March 2012 - 09:51 AM

Hey M0le, hope you are having a great day. I looked at the info you gave me on when I download, to get it to ask where I want the download to go; too complicated for me at this point. So I proceeded to follow your instructions, since doing my downloads the hard way seems to work OK, for now.

Here is what has been going on. I deleted Spyware Doctor. After that, I made sure that everything was turned off (all of this on the infected PC). I followed your steps in the order given. When I downloaded ComboFix, it went to my downloads; I dragged and dropped it to my desktop, went to my desktop and double clicked as you stated. It did not work, resp: a small window popped up, and it started filling with Step 1, Step 2, and so on. I left the room for a moment and when I came back it had a new window saying "an error had occurred, scan failed". So I read your directions again, and I had neglected to change the name to Combofix.exe. "Sorry about that". So I went back to my download screen, changed the name and then dragged and dropped it to my desktop. Note: both times I moved this program to my desktop, instead of it just moving the file, like it always does, it automatically created a shortcut instead. But, anyway, when I double clicked the corrected name ComboFix, it started running and the response this time was "Program Completed Successfully" and another line popped up saying "Report is being created". Nothing happened after that. I left it like that overnight, yesterday, and last night. This morning, I went to the PC and the little screen was still there, and no report was created in the little screen; it was exactly as I left it 2 days ago. I used the x and closed the screen. Went to my task bar, left clicked once on my "Internet Explorer", and a little window popped up saying
""C:\ProgramFiles(86)\Internet Explorer\iexplorer.exe Illegal operation attempted on a registry key that has been marked for deletion" OK button was highlighted. I used the X to close the window. A second window popped up, Windows (was in the header). In the window it said

"It might have been moved, renamed, or deleted. Do you want to remove this item" YES was highlighted, I clicked NO. I went to the start button, clicked on it, clicked on Computer (just to see if anything was working); it was fine. The screen saver works. I don't even know what the registry keys are, except to know that "YOU SHOULD NEVER TOUCH THEM". I don't know what to do now.

It seems to me (and you know I have no idea what is wrong) that I have messed up really bad, and I am making things worse.

I am sure it is frustrating to you when trying to help someone that is messing up as much as I. So, now I cannot get to the net on the infected PC, so I will be using this one to get to you. Please tell me that we can do it this way until you tell me how to fix my big PC.

And as usual, I can't thank you enough for all of your help and the time you are devoting to this problem. Char

P.S. Hope your little trip (or what ever), is a good break for you!

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:40 AM

Posted 06 March 2012 - 05:08 PM

Reboot the machine. That will fix the registry deletion message and should let the Combofix log generate.

If it doesn't then find it by following this:

Please go to start -> Run.

Copy and paste the bold line in the run-box and click OK:

cmd /c dir /a/s/b C:\QooBox >log.txt & log.txt

A text file opens up, copy and paste the content to your reply.
m0le is a proud member of UNITE

#11 Char02

Char02
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Female
  • Location:Indiana
  • Local time:01:40 AM

Posted 07 March 2012 - 12:29 AM

M0le, how the heck is it going? I hope better than here. I rebooted my infected PC. You were right, it took care of the registry problem (I am on the infected PC now). And, I guess after I re-booted it turned on my AVG Anti-Virus, because when I looked at the screen again, AVG had detected a potential and harmful item. I looked at it and it was the Combofix, so I said to allow (hoping it would generate the report). It did not generate anything. So I copied and pasted the bolded line on the RUN line, hit OK. The screen blinked so fast I could not see anything it said. I did a search for the NIRCMDB.exe from my start button and nothing; there were no matches.
I just went to my AVG and copied the information from that file so you can tell me what you want me to do next. I hope running this file without you telling me to do so is OK. If you don't want me to do this in the future, just let me know. Just let me know what you want me to do next.

Also, thanks for getting back to me so quickly, I really appreciated it. Char


MY AVG History File
"3/6/2012, 7:34:29 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process NIRCMDB.EXE was detected."
"3/6/2012, 7:37:27 PM";"NT AUTHORITY\SYSTEM";"Update";"Update was started."
"3/6/2012, 7:37:29 PM";"NT AUTHORITY\SYSTEM";"Update";"Update failed."
"3/6/2012, 11:22:46 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process NIRCMDB.EXE was added to the allowed list."

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:40 AM

Posted 07 March 2012 - 07:10 PM

AVG detects Combofix as malware so that would explain that. It has now deleted a Combofix file which will stop it running and we may not be able to get a log.

AVG is a great antivirus but this causes us a lot of problems.

Please run OTL next, a good scanner which can also do some removal if we need to.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

m0le is a proud member of UNITE
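The OTL.Txt this scan produces lists one entry per line, with the file's publisher in trailing parentheses and an empty "()" where OTL found no company name (the log posted later in this thread shows the format). The triage helper below is an added example written for this page, not part of OTL or of the thread: it parses such lines and flags entries with no company name or a binary under a user-writable path, which is what a responder reads first. The embedded log is constructed from a few lines in that format, and the two heuristics are this example's own assumptions, not OTL's whitelist logic.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the one-entry-per-line format OTL uses, modelled on a few
# lines of the log posted in this thread (not the full log).
SAMPLE_OTL = r"""========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Charlotte\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
SRV - (vToolbarUpdater) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()

========== Standard Registry (All) ==========

O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4:64bit: - HKLM..\Run: [PC MightyMax 2011 Tray Icon] C:\Program Files (x86)\PC MightyMax 2011\TrayIcon.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [SmileboxTray] C:\Users\Charlotte\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
"""


@dataclass
class Entry:
    kind: str      # OTL section code: PRC, SRV, DRV, O2, O3, O4, ...
    path: str      # file the entry points at
    company: str   # publisher string OTL printed in the trailing parentheses ("" if none)


@dataclass
class Finding:
    entry: Entry
    reasons: List[str]
    persistent: bool  # entry is a persistence point (service, driver, BHO, toolbar, Run key)


# kind, optional ":64bit:" tag, " - ", free-form body, then the trailing "(company)".
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV|O2|O3|O4)(?::64bit:)?\s+-\s+"
    r"(?P<body>.*)\s+\((?P<company>[^()]*)\)\s*$"
)
# First "X:\..." in the body is the file path (the body may carry a service or BHO name first).
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
# Heuristic (an assumption of this example): locations a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\programdata\\")
PERSISTENCE_KINDS = {"SRV", "DRV", "O2", "O3", "O4"}


def parse_otl(text: str) -> List[Entry]:
    """Turn OTL entry lines into Entry records; section headers, policy lines and
    'File not found' items carry no trailing (company) group and are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        p = PATH_RE.search(m.group("body"))
        if not p:
            continue
        entries.append(Entry(m.group("kind"), p.group(0).strip(), m.group("company").strip()))
    return entries


def triage(text: str) -> List[Finding]:
    """Flag entries a responder would look at first: no company name (what OTL's
    'No Company Name Whitelist' surfaces) or a binary under a user-writable path."""
    findings: List[Finding] = []
    for e in parse_otl(text):
        reasons = []
        if not e.company:
            reasons.append("no company name")
        if any(marker in e.path.lower() for marker in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        if reasons:
            findings.append(Finding(e, reasons, e.kind in PERSISTENCE_KINDS))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        tag = "PERSIST" if f.persistent else "       "
        print(f"{tag} {f.entry.kind:<4} {f.entry.path}  <- {', '.join(f.reasons)}")
```

On the constructed sample this reports five entries: the two with no company name under Run/services plus vprot.exe, and the two Smilebox entries that run from the user's profile; the AVG, Trend Micro and Inbox entries pass both checks.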

#13 Char02

Char02
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Female
  • Location:Indiana
  • Local time:01:40 AM

Posted 08 March 2012 - 09:37 PM

You are so quick. I can hardly keep up with you. I am so sorry about not remembering that after the reboot AVG would be turned on again. But anyway, here are the reports you asked for:

OTL logfile created on: 3/8/2012 9:27:10 PM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Charlotte\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 67.98% Memory free
5.98 Gb Paging File | 4.44 Gb Available in Paging File | 74.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 340.39 Gb Total Space | 297.96 Gb Free Space | 87.54% Space Free | Partition Type: NTFS
Drive E: | 125.37 Gb Total Space | 111.17 Gb Free Space | 88.67% Space Free | Partition Type: NTFS

Computer Name: CHARLOTTE-PC | User Name: Charlotte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Charlotte\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Charlotte\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\RebateInformer\RebateInf.exe (Inbox.com, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
PRC - C:\Program Files (x86)\AirLink101\AWLH6075\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeXMP.dll ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ccme_base.dll ()
MOD - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (vToolbarUpdater) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RalinkRegistryWriter64) -- C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter64.exe (Ralink Technology, Corp.)
SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\AirLink101\AWLH6075\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VST64_DPV) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (VST64HWBS2) -- C:\Windows\SysNative\drivers\VSTBS26.SYS (Conexant Systems, Inc.)
DRV:64bit: - (e1express) Intel® -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80291&lng=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 8B 1E C7 9C C5 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{198119B8-5994-4315-8EBB-2E980DF9F379}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={71F3D50D-9B65-4886-997A-5A3E15A3803A}&mid=f86c66c33cf247d1a17cd1544f7f1b53-e42595c63d8950db8306f6dfd268289e33a7f446&lang=en&ds=AVG&pr=fr&d=2011-11-09 11:27:20&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80291&lng=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 11:09:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/01/27 13:04:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\ [2012/02/13 17:34:31 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/03/04 01:14:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files (x86)\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (SmileBox EN Toolbar) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - C:\Program Files (x86)\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PC MightyMax 2011 Tray Icon] C:\Program Files (x86)\PC MightyMax 2011\TrayIcon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [RebateInformer] C:\Program Files (x86)\RebateInformer\RebateInf.exe (Inbox.com, Inc.)
O4 - HKCU..\Run: [SmileboxTray] C:\Users\Charlotte\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{325133A8-B369-404F-A1CD-533921ABE35C}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC9E194E-6661-454B-A8A2-3E8026FBA6F2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\rebinfo - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files (x86)\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/07 00:01:24 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\Documents\Big 10 2011-2012 Tournment Schedule
[2012/03/06 23:22:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/04 01:12:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/04 01:05:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/03 18:16:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/03 18:16:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/03 18:16:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/03 18:15:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/03 18:00:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/03 07:34:19 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Charlotte\Desktop\aswMBR (1).exe
[2012/03/02 09:40:38 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Charlotte\Desktop\TDSSKiller.exe
[2012/02/26 22:01:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Charlotte\Desktop\dds.scr
[2012/02/15 03:01:26 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/15 03:01:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/15 03:01:22 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/15 03:01:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/15 03:01:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/15 03:01:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/15 03:01:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/15 03:01:20 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/15 03:01:20 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/15 03:01:18 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/15 03:01:17 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/14 20:29:36 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/14 20:29:34 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/14 20:29:34 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/14 20:29:14 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/13 15:14:01 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\Documents\Receipes
[2012/02/10 18:34:00 | 000,000,000 | ---D | C] -- C:\temp
[2012/02/10 18:17:58 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium
[2012/02/10 18:17:00 | 000,105,552 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2012/02/10 18:16:54 | 000,144,464 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2012/02/10 18:16:54 | 000,090,704 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys
[2012/02/10 18:16:54 | 000,067,664 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2012/02/10 18:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2012/02/10 18:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/02/10 04:49:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/10 04:49:08 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/10 04:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/02/10 04:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/02/10 04:08:09 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\Desktop\Downloads
[2012/02/10 04:07:43 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\GetRightToGo

========== Files - Modified Within 30 Days ==========

[2012/03/08 21:28:33 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/08 21:23:02 | 091,194,310 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/03/08 21:22:24 | 000,174,268 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/03/08 21:19:28 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/08 21:19:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/06 19:41:30 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 19:41:30 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 19:38:31 | 000,741,900 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/06 19:38:31 | 000,635,352 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/06 19:38:31 | 000,110,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/06 19:34:15 | 2407,403,520 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/04 01:14:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/03 18:39:18 | 000,001,136 | ---- | M] () -- C:\Users\Charlotte\Desktop\ComFix.exe.lnk
[2012/03/03 07:54:56 | 000,000,512 | ---- | M] () -- C:\Users\Charlotte\Desktop\MBR.dat
[2012/03/03 07:53:05 | 001,258,127 | ---- | M] () -- C:\Users\Charlotte\Documents\DAT file screen print.rtf
[2012/03/03 07:34:55 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Charlotte\Desktop\aswMBR (1).exe
[2012/03/03 07:17:23 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Charlotte\Desktop\TDSSKiller.exe
[2012/03/03 07:15:45 | 002,044,252 | ---- | M] () -- C:\Users\Charlotte\Desktop\tdsskiller.zip
[2012/02/26 22:01:07 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Charlotte\Desktop\dds.scr
[2012/02/26 21:49:47 | 000,000,000 | ---- | M] () -- C:\Users\Charlotte\defogger_reenable
[2012/02/26 21:45:57 | 000,050,477 | ---- | M] () -- C:\Users\Charlotte\Desktop\Defogger.exe
[2012/02/15 03:29:37 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/13 09:39:46 | 297,311,229 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/10 18:18:21 | 000,001,441 | ---- | M] () -- C:\Users\Charlotte\Desktop\Trend Micro Titanium.lnk
[2012/02/10 04:49:08 | 000,002,995 | ---- | M] () -- C:\Users\Charlotte\Desktop\HiJackThis.lnk
[2012/02/09 12:33:19 | 012,193,988 | ---- | M] () -- C:\Users\Charlotte\Documents\Rouge Malware.rtf
[2012/02/09 12:15:11 | 007,248,979 | ---- | M] () -- C:\Users\Charlotte\Documents\Vault Contents- Rouge Malware.rtf

========== Files Created - No Company Name ==========

[2012/03/03 18:39:18 | 000,001,136 | ---- | C] () -- C:\Users\Charlotte\Desktop\ComFix.exe.lnk
[2012/03/03 18:16:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/03 18:16:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/03 18:16:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/03 18:16:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/03 18:16:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/03 07:53:05 | 001,258,127 | ---- | C] () -- C:\Users\Charlotte\Documents\DAT file screen print.rtf
[2012/03/03 07:39:18 | 000,000,512 | ---- | C] () -- C:\Users\Charlotte\Desktop\MBR.dat
[2012/03/03 07:15:34 | 002,044,252 | ---- | C] () -- C:\Users\Charlotte\Desktop\tdsskiller.zip
[2012/02/26 21:49:47 | 000,000,000 | ---- | C] () -- C:\Users\Charlotte\defogger_reenable
[2012/02/26 21:45:57 | 000,050,477 | ---- | C] () -- C:\Users\Charlotte\Desktop\Defogger.exe
[2012/02/10 18:17:58 | 000,001,441 | ---- | C] () -- C:\Users\Charlotte\Desktop\Trend Micro Titanium.lnk
[2012/02/10 04:49:08 | 000,002,995 | ---- | C] () -- C:\Users\Charlotte\Desktop\HiJackThis.lnk
[2012/02/09 12:33:19 | 012,193,988 | ---- | C] () -- C:\Users\Charlotte\Documents\Rouge Malware.rtf
[2012/02/09 12:15:10 | 007,248,979 | ---- | C] () -- C:\Users\Charlotte\Documents\Vault Contents- Rouge Malware.rtf
[2012/01/03 14:25:37 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2012/01/03 14:24:21 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011/11/09 12:00:25 | 000,013,650 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat

========== LOP Check ==========

[2011/11/09 11:28:22 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\AVG2012
[2012/01/14 21:17:45 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Canon
[2012/02/04 05:08:50 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/10 04:15:45 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\GetRightToGo
[2012/02/04 05:31:57 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\licenses
[2012/01/03 14:37:00 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\NewSoft
[2012/02/04 05:32:45 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PCMM2009
[2012/02/04 05:31:52 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PCMM2011
[2012/01/03 14:24:03 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\ScanSoft
[2012/03/07 13:49:32 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Smilebox
[2009/07/14 00:08:49 | 000,008,380 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

The Extras report:

OTL Extras logfile created on: 3/8/2012 9:27:10 PM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Charlotte\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 67.98% Memory free
5.98 Gb Paging File | 4.44 Gb Available in Paging File | 74.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 340.39 Gb Total Space | 297.96 Gb Free Space | 87.54% Space Free | Partition Type: NTFS
Drive E: | 125.37 Gb Total Space | 111.17 Gb Free Space | 88.67% Space Free | Partition Type: NTFS

Computer Name: CHARLOTTE-PC | User Name: Charlotte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7BE6B345-6BD9-492E-A440-A32D12AB2EF3}" = AVG 2012
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™
"{C459FF28-B6DB-4C17-B54F-4175BF7F8D5B}" = AVG 2012
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{E3EC7FC4-B4BF-4911-9A43-F7C753CE03F5}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2012
"CanonMyPrinter" = Canon My Printer
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3f6555c4-0a24-11dc-8314-0800200c9a66}" = PC MightyMax 2011
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1" = RebateInformer
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = AirLink101 AWLH6075
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.35
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Canon MX310 series User Registration" = Canon MX310 series User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"SmileBox_EN Toolbar" = SmileBox EN Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/10/2012 8:07:13 PM | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x04120260 Faulting
process id: 0x12f8 Faulting application start time: 0x01cce84f18e561ba Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
Inbox.dll Report Id: 58d79caa-5444-11e1-af35-001d099bf2a0

Error - 2/11/2012 10:30:58 AM | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 2/17/2012 4:35:23 PM | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e3be Faulting
process id: 0x1230 Faulting application start time: 0x01cced1df39c5c76 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: ea544267-59a6-11e1-8154-001d099bf2a0

Error - 2/24/2012 11:34:59 PM | Computer Name = Charlotte-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1350 Start
Time: 01ccf36e5feb6fa7 Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 3/3/2012 7:16:53 PM | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avgtray.exe, version: 12.0.0.1912, time
stamp: 0x4f1ea9b3 Faulting module name: smum32.dll, version: 7.0.0.9, time stamp:
0x4aa721e2 Exception code: 0xc0000417 Fault offset: 0x00001957 Faulting process id:
0xd90 Faulting application start time: 0x01ccf9362bed35f4 Faulting application path:
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe Faulting module path: C:\Program
Files (x86)\Spyware Doctor\smum32.dll Report Id: f5ea62a1-6586-11e1-a142-001d099bf2a0

Error - 3/3/2012 7:29:57 PM | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000
Description = Faulting application name: pev.3XE, version: 0.0.0.0, time stamp:
0x4e06cfe8 Faulting module name: pev.3XE, version: 0.0.0.0, time stamp: 0x4e06cfe8
Exception
code: 0x40000015 Fault offset: 0x0004ccbc Faulting process id: 0x184 Faulting application
start time: 0x01ccf9956db535ef Faulting application path: C:\ComboFix\pev.3XE Faulting
module path: C:\ComboFix\pev.3XE Report Id: c9917c75-6588-11e1-a142-001d099bf2a0

Error - 3/3/2012 7:36:09 PM | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting
process id: 0x12ec Faulting application start time: 0x01ccf996588b65e1 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: a6eda809-6589-11e1-a142-001d099bf2a0

Error - 3/3/2012 7:37:37 PM | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: Inbox.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4df8a693 Exception code: 0xc0000005 Fault offset: 0x06240260 Faulting
process id: 0x14bc Faulting application start time: 0x01ccf9967dc793ab Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
Inbox.dll Report Id: db321b75-6589-11e1-a142-001d099bf2a0

Error - 3/4/2012 3:48:38 AM | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/7/2012 2:31:32 PM | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 3/4/2012 1:45:37 AM | Computer Name = Charlotte-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 3/4/2012 1:45:51 AM | Computer Name = Charlotte-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.2
with the system having network hardware address 00-1B-B1-AD-0D-CE. Network operations
on this system may be disrupted as a result.

Error - 3/4/2012 1:54:19 AM | Computer Name = Charlotte-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 3/4/2012 2:09:22 AM | Computer Name = Charlotte-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/4/2012 2:12:44 AM | Computer Name = Charlotte-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/4/2012 2:13:46 AM | Computer Name = Charlotte-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 3/4/2012 2:13:51 AM | Computer Name = Charlotte-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon

Error - 3/6/2012 8:34:17 PM | Computer Name = Charlotte-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:32:15 PM on ?3/?6/?2012 was unexpected.

Error - 3/6/2012 8:34:23 PM | Computer Name = Charlotte-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 3/6/2012 8:34:25 PM | Computer Name = Charlotte-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon


< End of report >
M0le.. Thanks a bunch for all the help and patience. Char

#14 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 11 March 2012 - 07:42 PM

Okay, let's change tack and run a couple of other removal tools to see where we are now.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Whether or not you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then SAS

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.

m0le is a proud member of UNITE

#15 Char02

  • Topic Starter
  • Members
  • 31 posts
  • Gender:Female
  • Location:Indiana

Posted 13 March 2012 - 11:57 PM

Greetings M0le: Hope you had a good weekend. I am sorry it has taken a couple of days to get your instructions completed, but surgery was unexpected yesterday. But, back to the problem at hand. I installed MBAM and ran a full scan as you asked. The log is posted below.
Question: I read the log and it said nothing found. Ok? OK. But, as the scan was running, the Mighty Max pop-ups Popped UP again, saying that I have major errors that must be scanned and fixed right away. Error code 802. And, I deleted the program from the Control Panel, Programs, Uninstall Programs. That is when my AVG Security program notified me that I had installed malware and I found it in the Quarantine file (the logs were copied and pasted on the original post in a different forum, then I was told to come to this forum). And the shortcut is back on my desktop. How did it get back on my PC?????


NOTE: since no problems were found, I did not restart my PC to complete the removal of all malware. I hope that is OK?

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Charlotte :: CHARLOTTE-PC [administrator]

3/13/2012 10:20:11 PM
mbam-log-2012-03-13 (22-20-11).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 373132
Time elapsed: 50 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/14/2012 at 00:38 AM

Application Version : 5.0.1146

Core Rules Database Version : 8333
Trace Rules Database Version: 6145

Scan type : Complete Scan
Total Scan Time : 00:49:24

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 546
Memory threats detected : 0
Registry items scanned : 63446
Registry threats detected : 0
File items scanned : 59121
File threats detected : 89

Adware.Tracking Cookie
C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Cookies\9VEEL7FQ.txt [ /c.atdmt.com ]
C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Cookies\RA0KSENK.txt [ /avgtechnologies.112.2o7.net ]
C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Cookies\CYBIT91E.txt [ /ad.wsod.com ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\D1E7J9UE.txt [ Cookie:charlotte@www.googleadservices.com/pagead/conversion/1037172942/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\2FPI5TM6.txt [ Cookie:charlotte@liveperson.net/hc/44153975 ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\E4NKAMEI.txt [ Cookie:charlotte@imrworldwide.com/cgi-bin ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\QAT7IBLX.txt [ Cookie:charlotte@tribalfusion.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\2EDHF117.txt [ Cookie:charlotte@www.pcmightymax.net/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\GWLJGFAS.txt [ Cookie:charlotte@tacoda.at.atwola.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\13PP00O0.txt [ Cookie:charlotte@www.googleadservices.com/pagead/conversion/1048247830/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\2Z4QEYIZ.txt [ Cookie:charlotte@adserver.adtechus.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\PE1PJOBQ.txt [ Cookie:charlotte@bs.serving-sys.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\UMFPGP41.txt [ Cookie:charlotte@kontera.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\20OZ5D22.txt [ Cookie:charlotte@questionmarket.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\N22Y1YFR.txt [ Cookie:charlotte@adx.investopedia.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\5Q6JU0XR.txt [ Cookie:charlotte@dealtime.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\4AKO6BU5.txt [ Cookie:charlotte@doubleclick.net/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\YS9CXSD0.txt [ Cookie:charlotte@adsonar.com/adserving ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\KF0AWBBD.txt [ Cookie:charlotte@realmedia.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z9IEZZGI.txt [ Cookie:charlotte@www.commission-junction.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\BOWXXFVJ.txt [ Cookie:charlotte@ru4.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\U01534O7.txt [ Cookie:charlotte@www.jenkinshomeenhancement.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\8Y9YHIL1.txt [ Cookie:charlotte@mm.chitika.net/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9IFB0HPZ.txt [ Cookie:charlotte@microsoftinternetexplorer.112.2o7.net/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\IXSRWIWJ.txt [ Cookie:charlotte@casalemedia.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\E313HL85.txt [ Cookie:charlotte@buy.goclickfree.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\YBIVWLQ8.txt [ Cookie:charlotte@kiplinger.112.2o7.net/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\MLOP2U3Q.txt [ Cookie:charlotte@media2.legacy.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\0KHACBR0.txt [ Cookie:charlotte@statse.webtrendslive.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\5QWGD1YX.txt [ Cookie:charlotte@solvemedia.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9SB4DQEQ.txt [ Cookie:charlotte@eyewonder.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\O1SDCI2C.txt [ Cookie:charlotte@c.atdmt.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\SI4SV55F.txt [ Cookie:charlotte@sales.liveperson.net/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\NFKFMT1J.txt [ Cookie:charlotte@www.googleadservices.com/pagead/conversion/1018193325/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\420KM9RU.txt [ Cookie:charlotte@mediaplex.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\W1O6XGJA.txt [ Cookie:charlotte@at.atwola.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\H2B8NSSO.txt [ Cookie:charlotte@invitemedia.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\8QG2EB8I.txt [ Cookie:charlotte@revsci.net/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\QSGPYO46.txt [ Cookie:charlotte@ar.atwola.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\VQ4YF2TJ.txt [ Cookie:charlotte@avgtechnologies.112.2o7.net/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\BM8HHXR6.txt [ Cookie:charlotte@www.googleadservices.com/pagead/conversion/1069850195/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\T1I7O1ED.txt [ Cookie:charlotte@www.googleadservices.com/pagead/conversion/1010766643/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\4B0GLRA8.txt [ Cookie:charlotte@fastclick.net/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\53Z5TL6I.txt [ Cookie:charlotte@usatoday1.112.2o7.net/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\4HU1G6PI.txt [ Cookie:charlotte@liveperson.net/hc/19452074 ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9IZZFVTW.txt [ Cookie:charlotte@apmebf.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\S7G1MGD1.txt [ Cookie:charlotte@advertising.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\40474QIE.txt [ Cookie:charlotte@clickfree.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\1CX9X74X.txt [ Cookie:charlotte@www.googleadservices.com/pagead/conversion/1072640729/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\AXX6GVTO.txt [ Cookie:charlotte@pointroll.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\VDWUY100.txt [ Cookie:charlotte@amazon-adsystem.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\8M5FPBWL.txt [ Cookie:charlotte@liveperson.net/hc/63758332 ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\982V7AV5.txt [ Cookie:charlotte@interclick.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\OR3BC14X.txt [ Cookie:charlotte@h.atdmt.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\4CIDJFJU.txt [ Cookie:charlotte@a1.interclick.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\TT9FFPZC.txt [ Cookie:charlotte@dc.tremormedia.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\YDLEEWFR.txt [ Cookie:charlotte@ads.pointroll.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\CUKX0H0C.txt [ Cookie:charlotte@serving-sys.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ABHL913N.txt [ Cookie:charlotte@adxpose.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\DJKEVHGE.txt [ Cookie:charlotte@yieldmanager.net/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\MLJ91R6O.txt [ Cookie:charlotte@in.getclicky.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9T8QK2SM.txt [ Cookie:charlotte@www.googleadservices.com/pagead/conversion/1008912531/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\KWSTGQBA.txt [ Cookie:charlotte@insightexpressai.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\O60ZIUH9.txt [ Cookie:charlotte@www.googleadservices.com/pagead/conversion/950659976/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\1SYUUJSH.txt [ Cookie:charlotte@account.live.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\CM6QJUC3.txt [ Cookie:charlotte@www.googleadservices.com/pagead/conversion/1026835746/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\4ENM9W8M.txt [ Cookie:charlotte@bizrate.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\OBC4W05O.txt [ Cookie:charlotte@steelhousemedia.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\IOJVHAVT.txt [ Cookie:charlotte@www.googleadservices.com/pagead/conversion/1022514259/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\JDW1MZXA.txt [ Cookie:charlotte@www.googleadservices.com/pagead/conversion/1017882091/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\KR44LQCZ.txt [ Cookie:charlotte@server.iad.liveperson.net/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\J118W0DJ.txt [ Cookie:charlotte@stat.dealtime.com/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\AZJ4VOZP.txt [ Cookie:charlotte@www.googleadservices.com/pagead/conversion/1063797451/ ]
C:\USERS\CHARLOTTE\AppData\Roaming\Microsoft\Windows\Cookies\Low\EG7VYWKE.txt [ Cookie:charlotte@akamai.interclickproxy.com/ ]
C:\USERS\CHARLOTTE\Cookies\9VEEL7FQ.txt [ Cookie:charlotte@c.atdmt.com/ ]
C:\USERS\CHARLOTTE\Cookies\RA0KSENK.txt [ Cookie:charlotte@avgtechnologies.112.2o7.net/ ]
mediasuite.multicastmedia.com [ E:\C\USERS\CHARLOTTE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3DU8QUE2 ]
cdn4.specificclick.net [ E:\C\USERS\CHARLOTTE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QPDCLVDS ]
interclick.com [ E:\C\USERS\CHARLOTTE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QPDCLVDS ]
mediaforgews.com [ E:\C\USERS\CHARLOTTE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QPDCLVDS ]
msntest.serving-sys.com [ E:\C\USERS\CHARLOTTE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QPDCLVDS ]
static.2mdn.net [ E:\C\USERS\CHARLOTTE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QPDCLVDS ]
uclick.com [ E:\C\USERS\CHARLOTTE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QPDCLVDS ]
udn.specificclick.net [ E:\C\USERS\CHARLOTTE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QPDCLVDS ]
www.uclick.com [ E:\C\USERS\CHARLOTTE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QPDCLVDS ]
objects.tremormedia.com [ C:\USERS\CHARLOTTE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\P6XRXZE9 ]

Trace.Known Threat Sources
C:\USERS\CHARLOTTE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8C0FOSUG\xcmc_banner_2009_fx[1].gif [ cache:pcmightymax.net ]
C:\USERS\CHARLOTTE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ECHIJFDO\spc0[1].gif [ cache:pcmightymax.net ]
C:\USERS\CHARLOTTE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8C0FOSUG\xcmc_button_1[1].gif [ cache:pcmightymax.net ]


YEAH YEAH YEAH This program at least found P C Mighty Max!!!!!!

SUPERAntiSpyware said that the Trace.Known Threat Sources should be removed immediately from my computer.

So, tell me what you want me to do next.
And thanks again for everything you have done already.
Char
