ABNOW rootkit virus


This topic is locked
21 replies to this topic

#1 Horist

Posted 05 April 2012 - 10:23 PM

So I have a redirect virus. I read some of the other posters on this issue, and due to the complexity, am posting here for help. Malwarebytes always shows 2 viruses and demands reboot, but doesn't solve the problem.

Below is my Malwarebytes log and "DDS" log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.05.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Karen :: KAREN-PC [administrator]

4/4/2012 10:34:06 PM
mbam-log-2012-04-04 (22-34-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196572
Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (PUP.MyWebSearch) -> 3732 -> No action taken.

Memory Modules Detected: 3
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL (PUP.FunWebProducts) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL (PUP.MyWebSearch) -> No action taken.

Registry Keys Detected: 151
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.FunWebProducts) -> No action taken.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.FunWebProducts) -> No action taken.
HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearchToolBar.SettingsPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearchToolBar.SettingsPlugin (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.IECookiesManager.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.IECookiesManager (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.DataControl.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.DataControl (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HTMLMenu.2 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HTMLMenu (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.HTMLPanel.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.HTMLPanel (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearchToolBar.ToolbarPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearchToolBar.ToolbarPlugin (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.PopSwatterSettingsControl.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.PopSwatterSettingsControl (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.PseudoTransparentPlugin (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.PopSwatterBarButton.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.PopSwatterBarButton (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HTMLMenu.1 (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
HKCR\ScreenSaverControl.ScreenSaverInstaller.1 (PUP.MyWebSearch) -> No action taken.
HKCR\ScreenSaverControl.ScreenSaverInstaller (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.OutlookAddin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.KillerObjManager.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.KillerObjManager (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistoryKillerScheduler.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistoryKillerScheduler (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistorySwatterControlBar.1 (PUP.MyWebSearch) -> No action taken.
HKCR\FunWebProducts.HistorySwatterControlBar (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.ChatSessionPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.ChatSessionPlugin (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.MultipleButton (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.MultipleButton.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.ThirdPartyInstaller (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.UrlAlertButton (PUP.MyWebSearch) -> No action taken.
HKCR\MyWebSearch.UrlAlertButton.1 (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{67FA02C4-AB30-4e77-A640-78EE8EC8673B} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin (PUP.MyWebSearch) -> Data: C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MyWebSearch Email Plugin (PUP.MyWebSearch) -> Data: C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|My Web Search Bar Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: #aI
G\ -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Data: C:\Users\Karen\AppData\Local\d6fdda4c\X -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 17
C:\Program Files (x86)\FunWebProducts (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\ThirdPartyInstallers (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Avatar (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Game (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\History (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\icons (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\IE9Mesg (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Message (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Notifier (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Overlay (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> No action taken.

Files Detected: 88
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL (PUP.FunWebProducts) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3FFTBPR.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (PUP.MyWebSearch) -> No action taken.
C:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken.
C:\Windows\SysWOW64\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3PATCH.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3UNPAT.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Game\CHESS.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Game\REVERSI.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\icons\CM.ICO (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\icons\MFC.ICO (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\icons\PSS.ICO (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\icons\SMILEY.ICO (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\icons\WB.ICO (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Message\COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\DOG.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\FISH.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAID.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> No action taken.
C:\Users\Karen\AppData\Local\Temp\AE3F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\temp68.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Karen\Local Settings\Temporary Internet Files\Content.IE5\IWXBDDR3\5[1].exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Karen\Local Settings\Temporary Internet Files\Content.IE5\OIVXZ4BM\4[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Karen\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.
C:\Windows\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Delete on reboot.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

(end)


DDS LOG:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Karen at 20:22:30 on 2012-04-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2304 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\HighwindSoftware\TuneSync\TuneSync.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\wuauclt.exe
\systemroot\assembly\tmp\U
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [TuneSync] C:\Program Files (x86)\HighwindSoftware\TuneSync\TuneSync.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{407503D8-DC47-4079-9056-87D1B504C54D} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 136176]
S2 iksysflt;Nvcap;\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs --> \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S2 starwindserviceae;SetupSys;\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs --> \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 253600]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-06 03:02:25 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-06 02:53:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 07:04:55 -------- d-----w- C:\Windows\pss
2012-04-05 05:33:22 -------- d-----w- C:\Users\Karen\AppData\Roaming\Malwarebytes
2012-04-05 05:33:17 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-05 05:33:17 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-05 05:33:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-04 21:07:40 -------- d-----w- C:\Users\Karen\AppData\Roaming\Jaran Nilsen
2012-04-03 02:56:10 -------- d-----w- C:\Users\Karen\AppData\Roaming\Tific
2012-04-03 02:56:10 -------- d-----w- C:\Users\Karen\AppData\Local\Symantec
2012-04-03 02:33:26 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-04-03 01:23:03 0 --sha-w- C:\Windows\System32\dds_log_ad13.cmd
2012-04-03 01:21:28 -------- d-sh--w- C:\Users\Karen\AppData\Local\d6fdda4c
2012-04-02 00:58:21 -------- d-----w- C:\Program Files (x86)\Notpod
2012-03-30 14:12:54 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{61DEE671-86C2-4C3D-B8C4-B53ADF371A57}\mpengine.dll
2012-03-30 03:39:45 -------- d-----w- C:\Program Files (x86)\HighwindSoftware
2012-03-21 00:20:23 -------- d-----w- C:\Program Files\iPod
2012-03-21 00:20:22 -------- d-----w- C:\Program Files\iTunes
2012-03-21 00:20:22 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-14 10:01:10 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 10:01:10 3957616 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:01:09 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 02:41:13 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 02:41:12 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-14 02:41:12 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-14 02:41:12 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-14 02:41:12 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-14 02:41:12 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-14 02:41:12 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 02:41:12 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-14 02:41:12 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 02:41:11 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-14 02:41:11 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-14 00:00:23 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 00:00:23 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 00:00:23 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 00:00:22 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 00:00:22 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 00:00:22 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 00:00:22 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-04-06 03:02:25 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-03 17:07:54 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 20:23:04.80 ===============

#2 gringo_pr
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 05 April 2012 - 11:18 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
    • Log from Combofix
    • Let me know of any problems you may have had
    • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Horist
  • Topic Starter
  • Members
  • 11 posts

Posted 06 April 2012 - 12:11 AM

After installing Combofix, when I double-click Combofix, a window comes up (like a command prompt) and a bunch of things run, but I don't get any prompts for activity. I don't get the disclaimer etc. When I tried to uninstall, following the instructions for Windows 7 doesn't work. It states that it is unable to find combofix /uninstall.

Edit: By "install" I mean download from the link provided.

Edit 2: Another problem besides search engine redirects is that when I restart in Safe Mode, the computer will automatically restart again in about 90 seconds.

Edited by Horist, 06 April 2012 - 12:23 AM.


#4 gringo_pr
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 06 April 2012 - 12:34 AM
Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Horist
  • Topic Starter
  • Members
  • 11 posts

Posted 06 April 2012 - 07:48 PM

Here they are:

TDSS:
17:27:06.0925 2320 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
17:27:07.0371 2320 ============================================================
17:27:07.0371 2320 Current date / time: 2012/04/06 17:27:07.0371
17:27:07.0371 2320 SystemInfo:
17:27:07.0371 2320
17:27:07.0371 2320 OS Version: 6.1.7600 ServicePack: 0.0
17:27:07.0371 2320 Product type: Workstation
17:27:07.0371 2320 ComputerName: KAREN-PC
17:27:07.0371 2320 UserName: Karen
17:27:07.0371 2320 Windows directory: C:\Windows
17:27:07.0371 2320 System windows directory: C:\Windows
17:27:07.0371 2320 Running under WOW64
17:27:07.0371 2320 Processor architecture: Intel x64
17:27:07.0371 2320 Number of processors: 4
17:27:07.0372 2320 Page size: 0x1000
17:27:07.0372 2320 Boot type: Normal boot
17:27:07.0372 2320 ============================================================
17:27:09.0230 2320 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
17:27:09.0245 2320 \Device\Harddisk0\DR0:
17:27:09.0246 2320 MBR used
17:27:09.0246 2320 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:27:09.0246 2320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x490C4000
17:27:09.0246 2320 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x490F6800, BlocksNum 0x1761000
17:27:09.0324 2320 Initialize success
17:27:09.0324 2320 ============================================================
17:27:12.0087 2172 ============================================================
17:27:12.0087 2172 Scan started
17:27:12.0087 2172 Mode: Manual;
17:27:12.0087 2172 ============================================================
17:27:14.0216 2172 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
17:27:14.0219 2172 1394ohci - ok
17:27:14.0258 2172 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
17:27:14.0262 2172 ACPI - ok
17:27:14.0283 2172 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
17:27:14.0284 2172 AcpiPmi - ok
17:27:14.0357 2172 AdobeActiveFileMonitor4.0 (2486c8e3f14496341e90cf2ab8bc82ed) C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
17:27:14.0358 2172 AdobeActiveFileMonitor4.0 - ok
17:27:14.0457 2172 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:27:14.0460 2172 AdobeFlashPlayerUpdateSvc - ok
17:27:14.0492 2172 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:27:14.0508 2172 adp94xx - ok
17:27:14.0542 2172 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:27:14.0546 2172 adpahci - ok
17:27:14.0563 2172 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:27:14.0566 2172 adpu320 - ok
17:27:14.0600 2172 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:27:14.0601 2172 AeLookupSvc - ok
17:27:14.0650 2172 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
17:27:14.0658 2172 AFD - ok
17:27:14.0682 2172 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
17:27:14.0684 2172 agp440 - ok
17:27:14.0707 2172 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:27:14.0708 2172 ALG - ok
17:27:14.0738 2172 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
17:27:14.0739 2172 aliide - ok
17:27:14.0753 2172 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
17:27:14.0755 2172 amdide - ok
17:27:14.0783 2172 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:27:14.0784 2172 AmdK8 - ok
17:27:14.0807 2172 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:27:14.0809 2172 AmdPPM - ok
17:27:14.0836 2172 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
17:27:14.0838 2172 amdsata - ok
17:27:14.0857 2172 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:27:14.0859 2172 amdsbs - ok
17:27:14.0885 2172 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
17:27:14.0885 2172 amdxata - ok
17:27:14.0929 2172 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
17:27:14.0931 2172 AppID - ok
17:27:14.0950 2172 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:27:14.0952 2172 AppIDSvc - ok
17:27:14.0968 2172 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
17:27:14.0969 2172 Appinfo - ok
17:27:15.0058 2172 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:27:15.0059 2172 Apple Mobile Device - ok
17:27:15.0116 2172 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:27:15.0118 2172 arc - ok
17:27:15.0141 2172 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:27:15.0143 2172 arcsas - ok
17:27:15.0179 2172 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:27:15.0179 2172 AsyncMac - ok
17:27:15.0216 2172 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:27:15.0217 2172 atapi - ok
17:27:15.0264 2172 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:27:15.0282 2172 AudioEndpointBuilder - ok
17:27:15.0294 2172 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:27:15.0298 2172 AudioSrv - ok
17:27:15.0325 2172 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
17:27:15.0327 2172 AxInstSV - ok
17:27:15.0357 2172 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:27:15.0373 2172 b06bdrv - ok
17:27:15.0413 2172 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:27:15.0432 2172 b57nd60a - ok
17:27:15.0499 2172 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:27:15.0500 2172 BDESVC - ok
17:27:15.0518 2172 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:27:15.0519 2172 Beep - ok
17:27:15.0571 2172 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
17:27:15.0589 2172 BITS - ok
17:27:15.0624 2172 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:27:15.0625 2172 blbdrive - ok
17:27:15.0710 2172 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:27:15.0715 2172 Bonjour Service - ok
17:27:15.0764 2172 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
17:27:15.0769 2172 bowser - ok
17:27:15.0800 2172 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:27:15.0801 2172 BrFiltLo - ok
17:27:15.0819 2172 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:27:15.0820 2172 BrFiltUp - ok
17:27:15.0855 2172 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:27:15.0857 2172 BridgeMP - ok
17:27:15.0884 2172 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
17:27:15.0886 2172 Browser - ok
17:27:15.0912 2172 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:27:15.0916 2172 Brserid - ok
17:27:15.0933 2172 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:27:15.0935 2172 BrSerWdm - ok
17:27:15.0950 2172 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:27:15.0951 2172 BrUsbMdm - ok
17:27:15.0966 2172 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:27:15.0967 2172 BrUsbSer - ok
17:27:15.0995 2172 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:27:15.0997 2172 BTHMODEM - ok
17:27:16.0017 2172 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:27:16.0019 2172 bthserv - ok
17:27:16.0053 2172 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:27:16.0055 2172 cdfs - ok
17:27:16.0092 2172 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
17:27:16.0096 2172 cdrom - ok
17:27:16.0126 2172 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:27:16.0128 2172 CertPropSvc - ok
17:27:16.0155 2172 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:27:16.0157 2172 circlass - ok
17:27:16.0191 2172 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:27:16.0195 2172 CLFS - ok
17:27:16.0250 2172 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:27:16.0264 2172 clr_optimization_v2.0.50727_32 - ok
17:27:16.0346 2172 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:27:16.0406 2172 clr_optimization_v2.0.50727_64 - ok
17:27:16.0499 2172 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:27:16.0550 2172 clr_optimization_v4.0.30319_32 - ok
17:27:16.0587 2172 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:27:16.0604 2172 clr_optimization_v4.0.30319_64 - ok
17:27:16.0715 2172 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:27:16.0716 2172 CmBatt - ok
17:27:16.0857 2172 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
17:27:16.0868 2172 cmdide - ok
17:27:16.0909 2172 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
17:27:16.0914 2172 CNG - ok
17:27:17.0016 2172 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:27:17.0029 2172 Compbatt - ok
17:27:17.0189 2172 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:27:17.0199 2172 CompositeBus - ok
17:27:17.0216 2172 COMSysApp - ok
17:27:17.0240 2172 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:27:17.0241 2172 crcdisk - ok
17:27:17.0279 2172 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
17:27:17.0282 2172 CryptSvc - ok
17:27:17.0485 2172 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:27:17.0494 2172 cvhsvc - ok
17:27:17.0736 2172 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:27:17.0750 2172 DcomLaunch - ok
17:27:18.0133 2172 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:27:18.0158 2172 defragsvc - ok
17:27:18.0916 2172 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
17:27:18.0917 2172 DfsC - ok
17:27:19.0034 2172 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
17:27:19.0046 2172 Dhcp - ok
17:27:19.0068 2172 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:27:19.0069 2172 discache - ok
17:27:19.0117 2172 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:27:19.0118 2172 Disk - ok
17:27:19.0160 2172 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
17:27:19.0163 2172 Dnscache - ok
17:27:19.0183 2172 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
17:27:19.0186 2172 dot3svc - ok
17:27:19.0205 2172 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
17:27:19.0208 2172 DPS - ok
17:27:19.0242 2172 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:27:19.0242 2172 drmkaud - ok
17:27:19.0296 2172 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
17:27:19.0301 2172 DXGKrnl - ok
17:27:19.0325 2172 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:27:19.0338 2172 EapHost - ok
17:27:19.0437 2172 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:27:19.0488 2172 ebdrv - ok
17:27:19.0549 2172 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
17:27:19.0564 2172 EFS - ok
17:27:19.0613 2172 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
17:27:19.0631 2172 ehRecvr - ok
17:27:19.0655 2172 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:27:19.0657 2172 ehSched - ok
17:27:19.0703 2172 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:27:19.0712 2172 elxstor - ok
17:27:19.0739 2172 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
17:27:19.0751 2172 ErrDev - ok
17:27:19.0791 2172 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:27:19.0807 2172 EventSystem - ok
17:27:19.0829 2172 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:27:19.0832 2172 exfat - ok
17:27:19.0852 2172 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:27:19.0854 2172 fastfat - ok
17:27:19.0890 2172 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
17:27:19.0907 2172 Fax - ok
17:27:19.0935 2172 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:27:19.0936 2172 fdc - ok
17:27:19.0962 2172 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:27:19.0963 2172 fdPHost - ok
17:27:19.0978 2172 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:27:19.0980 2172 FDResPub - ok
17:27:19.0995 2172 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:27:19.0996 2172 FileInfo - ok
17:27:20.0011 2172 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:27:20.0012 2172 Filetrace - ok
17:27:20.0042 2172 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:27:20.0043 2172 flpydisk - ok
17:27:20.0069 2172 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
17:27:20.0072 2172 FltMgr - ok
17:27:20.0117 2172 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
17:27:20.0143 2172 FontCache - ok
17:27:20.0270 2172 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:27:20.0272 2172 FontCache3.0.0.0 - ok
17:27:20.0294 2172 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:27:20.0295 2172 FsDepends - ok
17:27:20.0327 2172 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:27:20.0328 2172 Fs_Rec - ok
17:27:20.0381 2172 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:27:20.0384 2172 fvevol - ok
17:27:20.0432 2172 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:27:20.0434 2172 gagp30kx - ok
17:27:20.0592 2172 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
17:27:20.0596 2172 GameConsoleService - ok
17:27:20.0624 2172 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:27:20.0624 2172 GEARAspiWDM - ok
17:27:20.0785 2172 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
17:27:20.0794 2172 gpsvc - ok
17:27:20.0844 2172 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:27:20.0846 2172 gupdate - ok
17:27:20.0878 2172 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:27:20.0879 2172 gupdatem - ok
17:27:20.0920 2172 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:27:20.0921 2172 hcw85cir - ok
17:27:20.0961 2172 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:27:20.0963 2172 HDAudBus - ok
17:27:20.0979 2172 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:27:20.0980 2172 HidBatt - ok
17:27:21.0006 2172 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:27:21.0008 2172 HidBth - ok
17:27:21.0037 2172 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:27:21.0039 2172 HidIr - ok
17:27:21.0070 2172 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:27:21.0071 2172 hidserv - ok
17:27:21.0093 2172 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
17:27:21.0094 2172 HidUsb - ok
17:27:21.0111 2172 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
17:27:21.0113 2172 hkmsvc - ok
17:27:21.0130 2172 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
17:27:21.0133 2172 HomeGroupListener - ok
17:27:21.0161 2172 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
17:27:21.0165 2172 HomeGroupProvider - ok
17:27:21.0275 2172 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
17:27:21.0276 2172 HP Support Assistant Service - ok
17:27:21.0400 2172 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
17:27:21.0419 2172 HPDrvMntSvc.exe - ok
17:27:21.0446 2172 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
17:27:21.0464 2172 hpqwmiex - ok
17:27:21.0513 2172 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
17:27:21.0529 2172 HpSAMD - ok
17:27:21.0599 2172 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
17:27:21.0616 2172 HTTP - ok
17:27:21.0628 2172 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
17:27:21.0628 2172 hwpolicy - ok
17:27:21.0657 2172 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:27:21.0659 2172 i8042prt - ok
17:27:21.0710 2172 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
17:27:21.0715 2172 iaStorV - ok
17:27:21.0964 2172 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:27:21.0982 2172 idsvc - ok
17:27:22.0020 2172 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:27:22.0021 2172 iirsp - ok
17:27:22.0089 2172 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
17:27:22.0157 2172 IKEEXT - ok
17:27:22.0379 2172 IntcAzAudAddService (ef75c94792187a143871fbb87611b0b7) C:\Windows\system32\drivers\RTKVHD64.sys
17:27:22.0390 2172 IntcAzAudAddService - ok
17:27:22.0548 2172 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
17:27:22.0559 2172 intelide - ok
17:27:22.0815 2172 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:27:22.0837 2172 intelppm - ok
17:27:22.0873 2172 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:27:22.0879 2172 IPBusEnum - ok
17:27:22.0912 2172 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:27:22.0918 2172 IpFilterDriver - ok
17:27:23.0014 2172 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
17:27:23.0034 2172 iphlpsvc - ok
17:27:23.0063 2172 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:27:23.0069 2172 IPMIDRV - ok
17:27:23.0107 2172 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:27:23.0112 2172 IPNAT - ok
17:27:23.0252 2172 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
17:27:23.0275 2172 iPod Service - ok
17:27:23.0398 2172 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:27:23.0402 2172 IRENUM - ok
17:27:23.0441 2172 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
17:27:23.0446 2172 isapnp - ok
17:27:23.0473 2172 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
17:27:23.0477 2172 iScsiPrt - ok
17:27:23.0513 2172 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:27:23.0514 2172 kbdclass - ok
17:27:23.0534 2172 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
17:27:23.0547 2172 kbdhid - ok
17:27:23.0583 2172 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:27:23.0584 2172 KeyIso - ok
17:27:23.0741 2172 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
17:27:23.0763 2172 KSecDD - ok
17:27:23.0912 2172 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
17:27:23.0929 2172 KSecPkg - ok
17:27:23.0962 2172 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:27:23.0968 2172 ksthunk - ok
17:27:24.0014 2172 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:27:24.0020 2172 KtmRm - ok
17:27:24.0119 2172 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
17:27:24.0132 2172 LanmanServer - ok
17:27:24.0417 2172 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
17:27:24.0426 2172 LanmanWorkstation - ok
17:27:24.0715 2172 LightScribeService (b1e1c8bb1392537e4d415fcdcb93b1d3) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:27:24.0717 2172 LightScribeService - ok
17:27:24.0801 2172 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:27:24.0802 2172 lltdio - ok
17:27:24.0845 2172 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:27:24.0849 2172 lltdsvc - ok
17:27:24.0870 2172 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:27:24.0871 2172 lmhosts - ok
17:27:24.0914 2172 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:27:24.0916 2172 LSI_FC - ok
17:27:24.0989 2172 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:27:25.0004 2172 LSI_SAS - ok
17:27:25.0034 2172 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:27:25.0036 2172 LSI_SAS2 - ok
17:27:25.0072 2172 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:27:25.0086 2172 LSI_SCSI - ok
17:27:25.0118 2172 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:27:25.0120 2172 luafv - ok
17:27:25.0148 2172 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
17:27:25.0149 2172 LVPr2M64 - ok
17:27:25.0171 2172 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
17:27:25.0172 2172 LVPr2Mon - ok
17:27:25.0289 2172 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
17:27:25.0324 2172 LVPrcS64 - ok
17:27:25.0356 2172 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
17:27:25.0358 2172 LVRS64 - ok
17:27:25.0802 2172 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
17:27:25.0840 2172 LVUVC64 - ok
17:27:26.0009 2172 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
17:27:26.0038 2172 McComponentHostService - ok
17:27:26.0159 2172 mcp (a9e7a3fe06d451dd5dd1d3dcb060e467) C:\Windows\system32\ccispwdsvc.dll
17:27:26.0173 2172 mcp ( Backdoor.Multi.ZAccess.gen ) - infected
17:27:26.0174 2172 mcp - detected Backdoor.Multi.ZAccess.gen (0)
17:27:26.0422 2172 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
17:27:26.0486 2172 Mcx2Svc - ok
17:27:26.0523 2172 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:27:26.0524 2172 megasas - ok
17:27:26.0545 2172 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:27:26.0549 2172 MegaSR - ok
17:27:26.0591 2172 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:27:26.0604 2172 MMCSS - ok
17:27:26.0635 2172 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:27:26.0647 2172 Modem - ok
17:27:26.0690 2172 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:27:26.0691 2172 monitor - ok
17:27:26.0718 2172 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:27:26.0719 2172 mouclass - ok
17:27:26.0752 2172 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:27:26.0753 2172 mouhid - ok
17:27:26.0767 2172 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
17:27:26.0769 2172 mountmgr - ok
17:27:26.0793 2172 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
17:27:26.0796 2172 mpio - ok
17:27:26.0812 2172 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:27:26.0814 2172 mpsdrv - ok
17:27:26.0831 2172 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
17:27:26.0833 2172 MRxDAV - ok
17:27:26.0878 2172 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:27:26.0892 2172 mrxsmb - ok
17:27:26.0927 2172 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:27:26.0930 2172 mrxsmb10 - ok
17:27:26.0944 2172 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:27:26.0945 2172 mrxsmb20 - ok
17:27:26.0966 2172 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
17:27:26.0968 2172 msahci - ok
17:27:26.0988 2172 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
17:27:26.0991 2172 msdsm - ok
17:27:27.0024 2172 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:27:27.0026 2172 MSDTC - ok
17:27:27.0065 2172 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:27:27.0066 2172 Msfs - ok
17:27:27.0096 2172 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:27:27.0097 2172 mshidkmdf - ok
17:27:27.0113 2172 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
17:27:27.0114 2172 msisadrv - ok
17:27:27.0148 2172 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:27:27.0151 2172 MSiSCSI - ok
17:27:27.0158 2172 msiserver - ok
17:27:27.0187 2172 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:27:27.0189 2172 MSKSSRV - ok
17:27:27.0217 2172 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:27:27.0218 2172 MSPCLOCK - ok
17:27:27.0230 2172 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:27:27.0231 2172 MSPQM - ok
17:27:27.0250 2172 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
17:27:27.0254 2172 MsRPC - ok
17:27:27.0275 2172 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:27:27.0276 2172 mssmbios - ok
17:27:27.0295 2172 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:27:27.0297 2172 MSTEE - ok
17:27:27.0317 2172 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:27:27.0319 2172 MTConfig - ok
17:27:27.0346 2172 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:27:27.0347 2172 Mup - ok
17:27:27.0539 2172 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
17:27:27.0554 2172 napagent - ok
17:27:27.0647 2172 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:27:27.0650 2172 NativeWifiP - ok
17:27:27.0689 2172 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
17:27:27.0707 2172 NDIS - ok
17:27:27.0727 2172 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:27:27.0729 2172 NdisCap - ok
17:27:27.0756 2172 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:27:27.0757 2172 NdisTapi - ok
17:27:27.0778 2172 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
17:27:27.0779 2172 Ndisuio - ok
17:27:27.0796 2172 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:27:27.0799 2172 NdisWan - ok
17:27:27.0812 2172 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
17:27:27.0813 2172 NDProxy - ok
17:27:27.0824 2172 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:27:27.0825 2172 NetBIOS - ok
17:27:27.0845 2172 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
17:27:27.0848 2172 NetBT - ok
17:27:27.0882 2172 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:27:27.0883 2172 Netlogon - ok
17:27:27.0936 2172 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:27:27.0941 2172 Netman - ok
17:27:27.0962 2172 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:27:27.0969 2172 netprofm - ok
17:27:28.0061 2172 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:27:28.0063 2172 NetTcpPortSharing - ok
17:27:28.0104 2172 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:27:28.0105 2172 nfrd960 - ok
17:27:28.0136 2172 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
17:27:28.0139 2172 NlaSvc - ok
17:27:28.0170 2172 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:27:28.0179 2172 Npfs - ok
17:27:28.0195 2172 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:27:28.0197 2172 nsi - ok
17:27:28.0208 2172 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:27:28.0209 2172 nsiproxy - ok
17:27:28.0303 2172 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
17:27:28.0341 2172 Ntfs - ok
17:27:28.0361 2172 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:27:28.0373 2172 Null - ok
17:27:29.0372 2172 nvlddmkm (181b6e6f49f9f3ad05589b48e29ba167) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:27:29.0439 2172 nvlddmkm - ok
17:27:29.0630 2172 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
17:27:29.0632 2172 NVNET - ok
17:27:29.0799 2172 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
17:27:29.0833 2172 nvraid - ok
17:27:29.0861 2172 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
17:27:29.0864 2172 nvstor - ok
17:27:29.0934 2172 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
17:27:29.0936 2172 nvstor64 - ok
17:27:30.0177 2172 nvsvc (b5b5da18380f625c34b88b93d09d7d40) C:\Windows\system32\nvvsvc.exe
17:27:30.0199 2172 nvsvc - ok
17:27:30.0259 2172 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
17:27:30.0261 2172 nv_agp - ok
17:27:30.0524 2172 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:27:30.0568 2172 odserv - ok
17:27:30.0603 2172 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
17:27:30.0605 2172 ohci1394 - ok
17:27:30.0644 2172 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:27:30.0647 2172 ose - ok
17:27:31.0020 2172 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:27:31.0108 2172 osppsvc - ok
17:27:31.0237 2172 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:27:31.0241 2172 p2pimsvc - ok
17:27:31.0273 2172 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:27:31.0279 2172 p2psvc - ok
17:27:31.0354 2172 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:27:31.0356 2172 Parport - ok
17:27:31.0391 2172 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
17:27:31.0392 2172 partmgr - ok
17:27:31.0417 2172 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:27:31.0420 2172 PcaSvc - ok
17:27:31.0474 2172 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
17:27:31.0489 2172 pci - ok
17:27:31.0506 2172 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
17:27:31.0507 2172 pciide - ok
17:27:31.0535 2172 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:27:31.0538 2172 pcmcia - ok
17:27:31.0557 2172 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:27:31.0557 2172 pcw - ok
17:27:31.0577 2172 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:27:31.0595 2172 PEAUTH - ok
17:27:31.0642 2172 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:27:31.0652 2172 PerfHost - ok
17:27:31.0707 2172 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
17:27:31.0741 2172 pla - ok
17:27:31.0777 2172 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
17:27:31.0785 2172 PlugPlay - ok
17:27:31.0815 2172 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:27:31.0816 2172 PNRPAutoReg - ok
17:27:31.0845 2172 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:27:31.0848 2172 PNRPsvc - ok
17:27:31.0995 2172 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
17:27:32.0022 2172 PolicyAgent - ok
17:27:32.0073 2172 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:27:32.0085 2172 Power - ok
17:27:32.0123 2172 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
17:27:32.0125 2172 PptpMiniport - ok
17:27:32.0155 2172 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:27:32.0157 2172 Processor - ok
17:27:32.0169 2172 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
17:27:32.0172 2172 ProfSvc - ok
17:27:32.0216 2172 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:27:32.0217 2172 ProtectedStorage - ok
17:27:32.0266 2172 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
17:27:32.0268 2172 Psched - ok
17:27:32.0311 2172 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:27:32.0347 2172 ql2300 - ok
17:27:32.0371 2172 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:27:32.0372 2172 ql40xx - ok
17:27:32.0391 2172 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:27:32.0394 2172 QWAVE - ok
17:27:32.0413 2172 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:27:32.0414 2172 QWAVEdrv - ok
17:27:32.0429 2172 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:27:32.0430 2172 RasAcd - ok
17:27:32.0463 2172 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:27:32.0464 2172 RasAgileVpn - ok
17:27:32.0477 2172 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:27:32.0480 2172 RasAuto - ok
17:27:32.0494 2172 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:27:32.0496 2172 Rasl2tp - ok
17:27:32.0514 2172 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
17:27:32.0518 2172 RasMan - ok
17:27:32.0536 2172 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:27:32.0537 2172 RasPppoe - ok
17:27:32.0551 2172 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:27:32.0552 2172 RasSstp - ok
17:27:32.0572 2172 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
17:27:32.0575 2172 rdbss - ok
17:27:32.0656 2172 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:27:32.0657 2172 rdpbus - ok
17:27:32.0676 2172 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:27:32.0677 2172 RDPCDD - ok
17:27:32.0701 2172 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:27:32.0702 2172 RDPENCDD - ok
17:27:32.0720 2172 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:27:32.0721 2172 RDPREFMP - ok
17:27:32.0755 2172 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
17:27:32.0758 2172 RDPWD - ok
17:27:32.0785 2172 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
17:27:32.0788 2172 rdyboost - ok
17:27:32.0832 2172 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:27:32.0834 2172 RemoteAccess - ok
17:27:32.0853 2172 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:27:32.0856 2172 RemoteRegistry - ok
17:27:32.0874 2172 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:27:32.0876 2172 RpcEptMapper - ok
17:27:32.0901 2172 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:27:32.0902 2172 RpcLocator - ok
17:27:32.0920 2172 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:27:32.0924 2172 RpcSs - ok
17:27:32.0944 2172 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:27:32.0945 2172 rspndr - ok
17:27:32.0982 2172 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:27:32.0983 2172 SamSs - ok
17:27:33.0055 2172 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
17:27:33.0078 2172 sbp2port - ok
17:27:33.0103 2172 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:27:33.0106 2172 SCardSvr - ok
17:27:33.0124 2172 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
17:27:33.0125 2172 scfilter - ok
17:27:33.0221 2172 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
17:27:33.0259 2172 Schedule - ok
17:27:33.0284 2172 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:27:33.0285 2172 SCPolicySvc - ok
17:27:33.0300 2172 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
17:27:33.0313 2172 SDRSVC - ok
17:27:33.0339 2172 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:27:33.0340 2172 secdrv - ok
17:27:33.0354 2172 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
17:27:33.0356 2172 seclogon - ok
17:27:33.0367 2172 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:27:33.0369 2172 SENS - ok
17:27:33.0384 2172 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:27:33.0386 2172 SensrSvc - ok
17:27:33.0411 2172 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:27:33.0412 2172 Serenum - ok
17:27:33.0430 2172 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:27:33.0432 2172 Serial - ok
17:27:33.0457 2172 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:27:33.0458 2172 sermouse - ok
17:27:33.0490 2172 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
17:27:33.0492 2172 SessionEnv - ok
17:27:33.0507 2172 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:27:33.0508 2172 sffdisk - ok
17:27:33.0517 2172 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:27:33.0518 2172 sffp_mmc - ok
17:27:33.0528 2172 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:27:33.0529 2172 sffp_sd - ok
17:27:33.0551 2172 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:27:33.0552 2172 sfloppy - ok
17:27:33.0601 2172 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:27:33.0606 2172 Sftfs - ok
17:27:33.0853 2172 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:27:33.0861 2172 sftlist - ok
17:27:33.0905 2172 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:27:33.0907 2172 Sftplay - ok
17:27:33.0936 2172 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:27:33.0936 2172 Sftredir - ok
17:27:33.0949 2172 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:27:33.0950 2172 Sftvol - ok
17:27:34.0035 2172 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:27:34.0037 2172 sftvsa - ok
17:27:34.0076 2172 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:27:34.0081 2172 SharedAccess - ok
17:27:34.0130 2172 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
17:27:34.0135 2172 ShellHWDetection - ok
17:27:34.0162 2172 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:27:34.0164 2172 SiSRaid2 - ok
17:27:34.0173 2172 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:27:34.0175 2172 SiSRaid4 - ok
17:27:34.0213 2172 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
17:27:34.0215 2172 SkypeUpdate - ok
17:27:34.0260 2172 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:27:34.0262 2172 Smb - ok
17:27:34.0299 2172 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:27:34.0300 2172 SNMPTRAP - ok
17:27:34.0312 2172 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:27:34.0313 2172 spldr - ok
17:27:34.0344 2172 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
17:27:34.0376 2172 Spooler - ok
17:27:34.0457 2172 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
17:27:34.0510 2172 sppsvc - ok
17:27:34.0519 2172 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:27:34.0521 2172 sppuinotify - ok
17:27:34.0562 2172 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:27:34.0569 2172 srv - ok
17:27:34.0586 2172 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:27:34.0591 2172 srv2 - ok
17:27:34.0636 2172 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:27:34.0638 2172 srvnet - ok
17:27:34.0659 2172 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:27:34.0662 2172 SSDPSRV - ok
17:27:34.0685 2172 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:27:34.0688 2172 SstpSvc - ok
17:27:34.0719 2172 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:27:34.0720 2172 stexstor - ok
17:27:34.0772 2172 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
17:27:34.0772 2172 StillCam - ok
17:27:34.0801 2172 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
17:27:34.0819 2172 stisvc - ok
17:27:35.0105 2172 Stuffit Archive Name Service (1db60cb3e53e2491d5d6c43c06676ca2) C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
17:27:35.0134 2172 Stuffit Archive Name Service - ok
17:27:35.0207 2172 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:27:35.0208 2172 swenum - ok
17:27:35.0382 2172 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:27:35.0402 2172 swprv - ok
17:27:35.0449 2172 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
17:27:35.0484 2172 SysMain - ok
17:27:35.0497 2172 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
17:27:35.0500 2172 TabletInputService - ok
17:27:35.0515 2172 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
17:27:35.0519 2172 TapiSrv - ok
17:27:35.0530 2172 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:27:35.0532 2172 TBS - ok
17:27:35.0607 2172 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
17:27:35.0634 2172 Tcpip - ok
17:27:35.0672 2172 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
17:27:35.0682 2172 TCPIP6 - ok
17:27:35.0712 2172 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:27:35.0713 2172 tcpipreg - ok
17:27:35.0735 2172 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:27:35.0736 2172 TDPIPE - ok
17:27:35.0768 2172 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
17:27:35.0769 2172 TDTCP - ok
17:27:35.0789 2172 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:27:35.0791 2172 tdx - ok
17:27:35.0817 2172 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:27:35.0818 2172 TermDD - ok
17:27:35.0844 2172 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
17:27:35.0861 2172 TermService - ok
17:27:35.0881 2172 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:27:35.0883 2172 Themes - ok
17:27:35.0916 2172 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:27:35.0917 2172 THREADORDER - ok
17:27:35.0951 2172 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:27:35.0954 2172 TrkWks - ok
17:27:36.0000 2172 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
17:27:36.0003 2172 TrustedInstaller - ok
17:27:36.0020 2172 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:27:36.0021 2172 tssecsrv - ok
17:27:36.0050 2172 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:27:36.0051 2172 tunnel - ok
17:27:36.0088 2172 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:27:36.0090 2172 uagp35 - ok
17:27:36.0119 2172 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
17:27:36.0124 2172 udfs - ok
17:27:36.0146 2172 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:27:36.0148 2172 UI0Detect - ok
17:27:36.0179 2172 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:27:36.0180 2172 uliagpkx - ok
17:27:36.0205 2172 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:27:36.0206 2172 umbus - ok
17:27:36.0229 2172 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:27:36.0230 2172 UmPass - ok
17:27:36.0252 2172 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:27:36.0256 2172 upnphost - ok
17:27:36.0302 2172 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:27:36.0314 2172 USBAAPL64 - ok
17:27:36.0349 2172 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
17:27:36.0350 2172 usbaudio - ok
17:27:36.0382 2172 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
17:27:36.0383 2172 usbccgp - ok
17:27:36.0425 2172 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:27:36.0427 2172 usbcir - ok
17:27:36.0453 2172 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
17:27:36.0454 2172 usbehci - ok
17:27:36.0502 2172 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
17:27:36.0506 2172 usbhub - ok
17:27:36.0521 2172 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
17:27:36.0522 2172 usbohci - ok
17:27:36.0543 2172 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:27:36.0544 2172 usbprint - ok
17:27:36.0561 2172 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:27:36.0562 2172 USBSTOR - ok
17:27:36.0579 2172 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
17:27:36.0581 2172 usbuhci - ok
17:27:36.0628 2172 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
17:27:36.0631 2172 usbvideo - ok
17:27:36.0657 2172 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:27:36.0658 2172 UxSms - ok
17:27:36.0690 2172 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:27:36.0691 2172 VaultSvc - ok
17:27:36.0736 2172 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:27:36.0736 2172 vdrvroot - ok
17:27:36.0754 2172 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
17:27:36.0761 2172 vds - ok
17:27:36.0794 2172 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:27:36.0795 2172 vga - ok
17:27:36.0804 2172 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:27:36.0805 2172 VgaSave - ok
17:27:36.0836 2172 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:27:36.0839 2172 vhdmp - ok
17:27:36.0856 2172 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:27:36.0858 2172 viaide - ok
17:27:36.0882 2172 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:27:36.0883 2172 volmgr - ok
17:27:36.0905 2172 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:27:36.0910 2172 volmgrx - ok
17:27:36.0928 2172 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:27:36.0931 2172 volsnap - ok
17:27:36.0964 2172 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:27:36.0967 2172 vsmraid - ok
17:27:37.0005 2172 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
17:27:37.0039 2172 VSS - ok
17:27:37.0057 2172 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:27:37.0058 2172 vwifibus - ok
17:27:37.0075 2172 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:27:37.0080 2172 W32Time - ok
17:27:37.0104 2172 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:27:37.0105 2172 WacomPen - ok
17:27:37.0133 2172 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:27:37.0134 2172 WANARP - ok
17:27:37.0151 2172 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:27:37.0152 2172 Wanarpv6 - ok
17:27:37.0256 2172 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:27:37.0286 2172 WatAdminSvc - ok
17:27:37.0403 2172 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
17:27:37.0426 2172 wbengine - ok
17:27:37.0444 2172 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:27:37.0448 2172 WbioSrvc - ok
17:27:37.0480 2172 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
17:27:37.0498 2172 wcncsvc - ok
17:27:37.0512 2172 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:27:37.0515 2172 WcsPlugInService - ok
17:27:37.0551 2172 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:27:37.0561 2172 Wd - ok
17:27:37.0604 2172 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:27:37.0621 2172 Wdf01000 - ok
17:27:37.0639 2172 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:27:37.0642 2172 WdiServiceHost - ok
17:27:37.0646 2172 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:27:37.0649 2172 WdiSystemHost - ok
17:27:37.0681 2172 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
17:27:37.0685 2172 WebClient - ok
17:27:37.0698 2172 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:27:37.0702 2172 Wecsvc - ok
17:27:37.0720 2172 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:27:37.0722 2172 wercplsupport - ok
17:27:37.0743 2172 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:27:37.0745 2172 WerSvc - ok
17:27:37.0773 2172 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:27:37.0774 2172 WfpLwf - ok
17:27:37.0795 2172 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:27:37.0796 2172 WIMMount - ok
17:27:37.0836 2172 WinDefend - ok
17:27:37.0860 2172 WinHttpAutoProxySvc - ok
17:27:37.0931 2172 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:27:37.0947 2172 Winmgmt - ok
17:27:37.0993 2172 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
17:27:38.0045 2172 WinRM - ok
17:27:38.0107 2172 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
17:27:38.0120 2172 WinUsb - ok
17:27:38.0145 2172 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:27:38.0162 2172 Wlansvc - ok
17:27:38.0184 2172 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:27:38.0185 2172 WmiAcpi - ok
17:27:38.0210 2172 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:27:38.0212 2172 wmiApSrv - ok
17:27:38.0242 2172 WMPNetworkSvc - ok
17:27:38.0302 2172 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:27:38.0304 2172 WPCSvc - ok
17:27:38.0318 2172 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
17:27:38.0321 2172 WPDBusEnum - ok
17:27:38.0350 2172 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:27:38.0351 2172 ws2ifsl - ok
17:27:38.0418 2172 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
17:27:38.0420 2172 wscsvc - ok
17:27:38.0427 2172 WSearch - ok
17:27:38.0581 2172 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
17:27:38.0621 2172 wuauserv - ok
17:27:38.0641 2172 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:27:38.0656 2172 WudfPf - ok
17:27:38.0691 2172 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:27:38.0693 2172 WUDFRd - ok
17:27:38.0712 2172 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
17:27:38.0714 2172 wudfsvc - ok
17:27:38.0727 2172 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:27:38.0731 2172 WwanSvc - ok
17:27:38.0755 2172 MBR (0x1B8) (119deced257d54f953f8938644fac97d) \Device\Harddisk0\DR0
17:27:40.0055 2172 \Device\Harddisk0\DR0 - ok
17:27:40.0089 2172 Boot (0x1200) (fcdb096ea203d7ccafd2285ce830b503) \Device\Harddisk0\DR0\Partition0
17:27:40.0108 2172 \Device\Harddisk0\DR0\Partition0 - ok
17:27:40.0125 2172 Boot (0x1200) (3b9b3f3bc30898244d92cb2dfda735c3) \Device\Harddisk0\DR0\Partition1
17:27:40.0155 2172 \Device\Harddisk0\DR0\Partition1 - ok
17:27:40.0188 2172 Boot (0x1200) (73637bb43c35ed0a1fd80f4d3a632a35) \Device\Harddisk0\DR0\Partition2
17:27:40.0225 2172 \Device\Harddisk0\DR0\Partition2 - ok
17:27:40.0226 2172 ============================================================
17:27:40.0226 2172 Scan finished
17:27:40.0226 2172 ============================================================
17:27:40.0238 1108 Detected object count: 1
17:27:40.0238 1108 Actual detected object count: 1
17:28:13.0822 1108 C:\Windows\system32\ccispwdsvc.dll - copied to quarantine
17:28:13.0822 1108 HKLM\SYSTEM\ControlSet001\services\mcp - will be deleted on reboot
17:28:13.0836 1108 HKLM\SYSTEM\ControlSet002\services\mcp - will be deleted on reboot
17:28:13.0929 1108 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
17:28:13.0970 1108 C:\Windows\system32\ccispwdsvc.dll - will be deleted on reboot
17:28:13.0970 1108 mcp ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete




aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-06 17:30:51
-----------------------------
17:30:51.742 OS Version: Windows x64 6.1.7600
17:30:51.742 Number of processors: 4 586 0x503
17:30:51.742 ComputerName: KAREN-PC UserName: Karen
17:30:59.490 Initialize success
17:32:52.557 AVAST engine defs: 12040601
17:36:04.060 The log file has been saved successfully to "C:\Users\Karen\Desktop\aswMBR.txt"
17:36:14.595 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
17:36:14.597 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
17:36:14.608 Disk 0 MBR read successfully
17:36:14.610 Disk 0 MBR scan
17:36:14.615 Disk 0 unknown MBR code
17:36:14.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:36:14.636 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 598408 MB offset 206848
17:36:14.674 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11970 MB offset 1225746432
17:36:14.747 Disk 0 scanning C:\Windows\system32\drivers
17:36:23.022 Service scanning
17:36:40.753 Modules scanning
17:36:40.759 Disk 0 trace - called modules:
17:36:40.782 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
17:36:40.786 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800492a060]
17:36:40.791 3 CLASSPNP.SYS[fffff8800194343f] -> nt!IofCallDriver -> [0xfffffa80046ca7a0]
17:36:40.795 5 ACPI.sys[fffff88000f5f781] -> nt!IofCallDriver -> \Device\00000057[0xfffffa80046ca060]
17:36:42.690 AVAST engine scan C:\Windows
17:37:02.156 AVAST engine scan C:\Windows\system32
17:37:10.164 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-JQ [Trj]
17:37:36.303 File: C:\Windows\system32\liveupdate.dll **INFECTED** Win64:Sirefef-E [Trj]
17:37:36.846 File: C:\Windows\system32\LPDSVC.dll **INFECTED** Win64:Sirefef-E [Trj]
17:38:07.357 File: C:\Windows\system32\pinnaclemarvinusb.dll **INFECTED** Win64:Sirefef-E [Trj]
17:38:31.098 File: C:\Windows\system32\U3sHlpDr.dll **INFECTED** Win64:Sirefef-E [Trj]
17:38:32.518 File: C:\Windows\system32\ulcdrhlp.dll **INFECTED** Win64:Sirefef-E [Trj]
17:38:35.859 File: C:\Windows\system32\wanusb.dll **INFECTED** Win64:Sirefef-E [Trj]
17:38:44.776 File: C:\Windows\system32\wmiapsrv.dll **INFECTED** Win64:Sirefef-E [Trj]
17:38:59.204 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:39:00.913 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:40:57.364 File: C:\Windows\assembly\tmp\loader.tlb **SUSPICIOUS**
17:40:57.416 File: C:\Windows\assembly\tmp\U\00000001.@ **SUSPICIOUS**
17:40:57.473 File: C:\Windows\assembly\tmp\U\000000c0.@ **SUSPICIOUS**
17:40:57.517 File: C:\Windows\assembly\tmp\U\000000cb.@ **SUSPICIOUS**
17:40:57.561 File: C:\Windows\assembly\tmp\U\000000cf.@ **SUSPICIOUS**
17:40:57.577 File: C:\Windows\assembly\tmp\U\80000000.@ **SUSPICIOUS**
17:40:57.635 File: C:\Windows\assembly\tmp\U\800000c0.@ **SUSPICIOUS**
17:40:57.684 File: C:\Windows\assembly\tmp\U\800000c0.@ **INFECTED** Win32:Sirefef-PL [Rtk]
17:40:57.701 File: C:\Windows\assembly\tmp\U\800000cb.@ **SUSPICIOUS**
17:40:57.754 File: C:\Windows\assembly\tmp\U\800000cf.@ **SUSPICIOUS**
17:40:57.809 File: C:\Windows\assembly\tmp\U\800000cf.@ **INFECTED** Win32:Malware-gen
17:40:57.849 File: C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} **SUSPICIOUS**
17:40:58.974 AVAST engine scan C:\Windows\system32\drivers
17:41:12.621 AVAST engine scan C:\Users\Karen
17:41:13.565 File: C:\Users\Karen\AppData\Local\d6fdda4c\U\80000000.@ **INFECTED** Win32:Malware-gen
17:41:13.610 File: C:\Users\Karen\AppData\Local\d6fdda4c\U\800000cb.@ **INFECTED** Win32:Malware-gen
17:45:59.187 Disk 0 MBR has been saved successfully to "C:\Users\Karen\Desktop\MBR.dat"
17:45:59.195 The log file has been saved successfully to "C:\Users\Karen\Desktop\aswMBR.txt"
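The three logs above (TDSSKiller, aswMBR and, later in a thread like this, FRST) each expose a different piece of the same ZeroAccess/Sirefef infection: a hijacked entry in the svchost netsvcs group, a non-stock consrv.dll in System32, Desktop.ini files dropped into the GAC folders, and directories named U full of 32-bit-ID modules with a .@ extension. The script below is an added example, not part of this thread and not code from TDSSKiller, aswMBR or FRST: it pulls those indicators out of mixed scanner output so the store directories can be listed for removal as a whole rather than file by file. The SAMPLE_LOG lines are constructed to mirror the three tools' line formats, and the indicator rules are assumptions drawn from the well-known 2012 ZeroAccess layout (the FRST service-line format and the \\.\globalroot image-path prefix are likewise assumed, not taken from these logs).

```python
"""
ZeroAccess (Sirefef) indicator triage over scanner log lines.

Added example for this thread; it is not part of the thread and is not code
from TDSSKiller, aswMBR or FRST.  SAMPLE_LOG is constructed to mirror those
tools' output formats, and the indicator rules are assumptions based on the
well-known 2012 ZeroAccess layout.
"""
import re
from collections import defaultdict

# Constructed sample input (not copied from any real scan) in three formats:
# aswMBR "File:" verdicts, TDSSKiller action lines, FRST service/registry lines.
SAMPLE_LOG = r"""
17:37:10.164 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-JQ [Trj]
17:38:59.204 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:40:57.416 File: C:\Windows\assembly\tmp\U\00000001.@ **SUSPICIOUS**
17:40:57.684 File: C:\Windows\assembly\tmp\U\800000c0.@ **INFECTED** Win32:Sirefef-PL [Rtk]
17:41:13.565 File: C:\Users\Karen\AppData\Local\d6fdda4c\U\80000000.@ **INFECTED** Win32:Malware-gen
17:36:14.615 Disk 0 unknown MBR code
17:28:13.822 1108 C:\Windows\system32\ccispwdsvc.dll - copied to quarantine
17:28:13.929 1108 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
2 tvald; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
SubSystems: [Windows] ==> ZeroAccess
"""

# Line shapes (assumed formats): aswMBR file verdicts, FRST service entries,
# TDSSKiller quarantine/cure actions, FRST's SubSystems verdict.
FILE_LINE = re.compile(r"File:\s+(?P<path>.+?)\s+\*\*(?P<verdict>[A-Z]+)\*\*")
SERVICE_LINE = re.compile(r"^\d+\s+(?P<name>[^;]+);\s*(?P<image>.+?)\s+\[")
QUARANTINE_LINE = re.compile(r"(?P<path>[A-Z]:\\\S+)\s+-\s+copied to quarantine", re.I)
NETSVCS_CURED = re.compile(r"svchost:netsvcs\s+-\s+cured", re.I)
SUBSYSTEMS_LINE = re.compile(r"^SubSystems:.*==>\s*ZeroAccess", re.I)


def classify_file(path: str):
    """Return the ZeroAccess indicator category for a scanned file path, or None."""
    low = path.lower()
    # Module store: a directory named U holding files named by a 32-bit hex ID + ".@".
    if re.search(r"\\u\\[0-9a-f]{8}\.@$", low):
        return "u_store"
    # Desktop.ini planted in the .NET GAC folders (used to hide the junctioned store).
    if re.search(r"\\assembly\\gac_(?:32|64)\\desktop\.ini$", low):
        return "gac_desktop_ini"
    # consrv.dll is not a stock Windows 7 file; ZeroAccess loads it into csrss
    # by rewriting the Session Manager\SubSystems\Windows value.
    if low.endswith(r"\system32\consrv.dll"):
        return "consrv_hijack"
    return None


def triage(log_text: str) -> dict:
    """Scan mixed aswMBR / TDSSKiller / FRST lines; return {category: [detail, ...]}."""
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.search(line)
        if m:
            category = classify_file(m.group("path"))
            if category:
                hits[category].append(m.group("path"))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            # Legitimate services do not route their ImagePath through \\.\globalroot.
            if m.group("image").lower().startswith(r"\\.\globalroot"):
                hits["globalroot_service"].append(m.group("name").strip())
            continue
        m = QUARANTINE_LINE.search(line)
        if m:
            hits["quarantined"].append(m.group("path"))
        elif NETSVCS_CURED.search(line):
            hits["netsvcs_repaired"].append(line)
        elif SUBSYSTEMS_LINE.search(line):
            hits["subsystems_hijack"].append(line)
    return dict(hits)


def payload_stores(log_text: str) -> set:
    """Parent U directories of every .@ module seen: remove these folders whole."""
    return {p.rsplit("\\", 1)[0] for p in triage(log_text).get("u_store", [])}


if __name__ == "__main__":
    for category, items in sorted(triage(SAMPLE_LOG).items()):
        print(f"{category}: {len(items)}")
        for item in items:
            print("   ", item)
    print("payload stores to remove whole:", sorted(payload_stores(SAMPLE_LOG)))
```

The aswMBR line "Disk 0 unknown MBR code" is deliberately not treated as an indicator: TDSSKiller's own MBR check in the log above came back clean, and non-standard OEM boot code also produces that message, so the saved MBR.dat should be compared against a known-good boot sector rather than the string being trusted either way.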

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:55 PM

Posted 06 April 2012 - 08:53 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Horist

Horist
  • Topic Starter

  • Members
  • 11 posts
  • Local time:02:55 PM

Posted 06 April 2012 - 10:25 PM

Heh...I was worried it might not work.

Here is the log:
Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 06-04-2012 20:23:10
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16333856 2009-07-29] (NVIDIA Corporation)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610360 2009-09-14] ()
HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2793304 2009-10-14] ()
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [346 2012-04-06] ()
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1167360 2009-08-03] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Karen\...\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode [5915480 2010-10-29] (Logitech Inc.)
HKU\Karen\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\Karen\...\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe [4950664 2011-06-28] ()
HKU\Karen\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Karen\...\Run: [TuneSync] C:\Program Files (x86)\HighwindSoftware\TuneSync\TuneSync.exe [282960 2012-01-14] (Highwind Software)
HKU\Karen\...\Policies\system: [disableregistrytools] 0
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AdobeActiveFileMonitor4.0; C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] ()
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-04-05] (Adobe Systems Incorporated)
2 ATIVTUTW; C:\Windows\System32\pcnet.dll [5120 2009-07-13] (Iomega)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 elosystemservice; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 elosystemservice; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [86072 2011-09-09] (Hewlett-Packard Company)
2 iksysflt; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 iksysflt; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 LVPrcS64; "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe" [191000 2009-10-07] (Logitech Inc.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 scarddrv; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 scarddrv; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-02-29] (Skype Technologies)
2 starwindserviceae; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 starwindserviceae; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 Stuffit Archive Name Service; "C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe" [1916248 2009-10-30] (Smith Micro Software, Inc.)
2 tfsndrct; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 tfsndrct; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 tvald; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 tvald; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 vmount2; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
2 vmount2; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 LightScribeService; "c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" [x]
2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [339744 2009-07-30] (NVIDIA Corporation)
0 nvstor64; C:\Windows\System32\Drivers\nvstor64.sys [241696 2009-08-04] (NVIDIA Corporation)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========
NETSVC: ATIVTUTW

============ One Month Created Files and Folders ==============

2012-04-06 20:23 - 2012-04-06 20:23 - 0000000 ____D C:\FRST
2012-04-06 16:46 - 2012-04-06 16:46 - 0000162 ___AH C:\Users\Karen\Desktop\~$tdss.docx
2012-04-06 16:45 - 2012-04-06 16:45 - 0004083 ____A C:\Users\Karen\Desktop\aswMBR.txt
2012-04-06 16:45 - 2012-04-06 16:45 - 0000512 ____A C:\Users\Karen\Desktop\MBR.dat
2012-04-06 16:29 - 2012-04-06 16:29 - 0039790 ____A C:\Users\Karen\Desktop\tdss.docx
2012-04-06 16:27 - 2012-04-06 16:29 - 0123166 ____A C:\TDSSKiller.2.7.26.0_06.04.2012_17.27.06_log.txt
2012-04-06 16:26 - 2012-04-06 16:26 - 4731392 ____A (AVAST Software) C:\Users\Karen\Desktop\aswMBR.exe
2012-04-05 19:18 - 2012-04-05 19:18 - 0607260 ____R (Swearware) C:\Users\Karen\Desktop\dds.scr
2012-04-05 19:18 - 2012-04-05 19:18 - 0607260 ____A (Swearware) C:\Users\Karen\Downloads\dds.scr
2012-04-05 19:02 - 2012-04-06 16:44 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-05 19:02 - 2012-04-05 19:02 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-05 18:53 - 2012-04-06 16:28 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-05 18:52 - 2012-04-05 18:53 - 0122806 ____A C:\TDSSKiller.2.7.26.0_05.04.2012_19.52.51_log.txt
2012-04-05 18:52 - 2012-04-05 18:52 - 2073136 ____A (Kaspersky Lab ZAO) C:\Users\Karen\Downloads\tdsskiller.exe
2012-04-05 18:52 - 2012-04-05 18:52 - 2073136 ____A (Kaspersky Lab ZAO) C:\Users\Karen\Desktop\tdsskiller.exe
2012-04-05 18:43 - 2012-04-05 21:19 - 0000000 ___SD C:\32788R22FWJFW
2012-04-05 15:43 - 2012-04-05 15:43 - 0271816 ____A C:\Windows\Minidump\040512-23197-01.dmp
2012-04-05 15:41 - 2012-04-05 15:41 - 0271816 ____A C:\Windows\Minidump\040512-24336-01.dmp
2012-04-05 06:12 - 2012-04-05 06:12 - 0271816 ____A C:\Windows\Minidump\040512-22120-01.dmp
2012-04-05 06:09 - 2012-04-05 06:09 - 0271816 ____A C:\Windows\Minidump\040512-16567-01.dmp
2012-04-05 06:07 - 2012-04-05 06:07 - 0271816 ____A C:\Windows\Minidump\040512-15865-01.dmp
2012-04-05 06:04 - 2012-04-05 06:04 - 0271816 ____A C:\Windows\Minidump\040512-16052-01.dmp
2012-04-05 06:02 - 2012-04-05 06:02 - 0271816 ____A C:\Windows\Minidump\040512-17253-01.dmp
2012-04-05 06:00 - 2012-04-05 06:00 - 0271816 ____A C:\Windows\Minidump\040512-15802-01.dmp
2012-04-04 23:10 - 2012-04-04 23:10 - 0271816 ____A C:\Windows\Minidump\040512-16224-01.dmp
2012-04-04 23:07 - 2012-04-05 15:42 - 0500700 ____A C:\Windows\ntbtlog.txt
2012-04-04 23:07 - 2012-04-04 23:07 - 0271816 ____A C:\Windows\Minidump\040512-15007-01.dmp
2012-04-04 23:04 - 2012-04-04 23:04 - 0000000 ____D C:\Windows\pss
2012-04-04 21:33 - 2012-04-04 21:33 - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-04 21:33 - 2012-04-04 21:33 - 0000000 ____D C:\Users\Karen\AppData\Roaming\Malwarebytes
2012-04-04 21:33 - 2012-04-04 21:33 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-04 21:33 - 2012-04-04 21:33 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-04 21:33 - 2012-04-04 21:33 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-04 21:33 - 2011-12-10 14:24 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 13:07 - 2012-04-04 13:07 - 0000000 ____D C:\Users\Karen\AppData\Roaming\Jaran Nilsen
2012-04-03 09:08 - 2012-04-03 09:07 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-03 09:08 - 2012-04-03 09:07 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-03 09:08 - 2012-04-03 09:07 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-03 09:05 - 2012-04-03 09:05 - 0010138 ____A C:\Users\Karen\Documents\Wet floors.docx
2012-04-02 18:56 - 2012-04-02 18:56 - 0000000 ____D C:\Users\Karen\AppData\Roaming\Tific
2012-04-02 18:56 - 2012-04-02 18:56 - 0000000 ____D C:\Users\Karen\AppData\Local\Symantec
2012-04-02 18:33 - 2012-04-02 18:33 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-04-02 17:23 - 2012-04-06 19:18 - 0000000 __ASH C:\Windows\System32\dds_log_ad13.cmd
2012-04-02 17:22 - 2012-04-02 17:22 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-02 17:21 - 2012-04-04 23:00 - 0000000 __SHD C:\Users\Karen\AppData\Local\d6fdda4c
2012-04-01 16:58 - 2012-04-01 16:58 - 0000000 ____D C:\Program Files (x86)\Notpod
2012-03-31 20:57 - 2012-03-31 21:00 - 0036352 ____A C:\Users\Karen\Documents\Rick and Karen Horist Tax Info 2011.doc
2012-03-31 11:15 - 2012-03-31 11:15 - 0013460 ____A C:\Users\Karen\Documents\Thyatira.docx
2012-03-30 08:29 - 2012-03-30 08:29 - 0011094 ____A C:\Users\Karen\Documents\Directions to Bryan's Home.docx
2012-03-29 19:51 - 2012-03-29 19:51 - 0341788 ____A C:\Users\Karen\Downloads\TuneSync_Lite2_29.apk
2012-03-29 19:39 - 2012-03-29 19:39 - 0000000 ____D C:\Program Files (x86)\HighwindSoftware
2012-03-28 10:05 - 2012-03-28 10:05 - 0011347 ____A C:\Users\Karen\Documents\Contentment verses.docx
2012-03-28 09:35 - 2012-03-28 10:29 - 0017184 ____A C:\Users\Karen\Documents\Ambition and Contentment (lesson 11).docx
2012-03-26 09:31 - 2012-03-26 09:31 - 0011819 ____A C:\Users\Karen\Documents\Donations.docx
2012-03-24 07:36 - 2012-03-24 07:36 - 0012401 ____A C:\Users\Karen\Documents\Prov 20-observations of life.docx
2012-03-23 07:40 - 2012-03-23 07:40 - 0918264 ____A C:\Users\Karen\Downloads\Attachments_2012_03_23.zip
2012-03-20 16:21 - 2012-03-20 16:21 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-20 16:20 - 2012-03-20 16:21 - 0000000 ____D C:\Program Files\iTunes
2012-03-20 16:20 - 2012-03-20 16:21 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-20 16:20 - 2012-03-20 16:20 - 0000000 ____D C:\Program Files\iPod
2012-03-20 08:03 - 2012-03-20 08:24 - 0011788 ____A C:\Users\Karen\Documents\Bruschetta Chicken.docx
2012-03-17 09:07 - 2012-03-17 09:53 - 0012345 ____A C:\Users\Karen\Documents\Prov 19.docx
2012-03-14 02:01 - 2011-11-19 10:30 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-14 02:01 - 2011-11-19 06:25 - 3957616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-14 02:01 - 2011-11-19 06:25 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-13 18:41 - 2012-02-09 22:18 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 18:41 - 2012-02-09 22:17 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-03-13 18:41 - 2012-02-09 22:17 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-13 18:41 - 2012-02-09 22:17 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-03-13 18:41 - 2012-02-09 22:17 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-13 18:41 - 2012-02-09 21:41 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-03-13 18:41 - 2012-02-09 21:41 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-13 18:41 - 2012-02-09 21:41 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-03-13 18:41 - 2012-02-09 21:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-03-13 18:41 - 2012-02-09 21:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-03-13 18:41 - 2012-02-02 20:16 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 16:00 - 2012-02-14 22:27 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 16:00 - 2012-02-14 21:44 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-13 16:00 - 2012-02-14 20:47 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 16:00 - 2012-02-14 20:46 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 16:00 - 2012-01-24 22:27 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 16:00 - 2012-01-24 22:27 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 16:00 - 2012-01-24 22:20 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

============ 3 Months Modified Files and Folders =============

2012-04-06 20:23 - 2012-04-06 20:23 - 0000000 ____D C:\FRST
2012-04-06 19:18 - 2012-04-02 17:23 - 0000000 __ASH C:\Windows\System32\dds_log_ad13.cmd
2012-04-06 19:18 - 2010-12-17 12:15 - 0000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-04-06 19:18 - 2010-08-27 17:01 - 0328864 ____A C:\Windows\PFRO.log
2012-04-06 19:18 - 2010-08-27 16:56 - 3018711040 __ASH C:\hiberfil.sys
2012-04-06 19:18 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-06 19:18 - 2009-07-13 20:51 - 0034216 ____A C:\Windows\setupact.log
2012-04-06 19:16 - 2010-12-19 14:39 - 0000000 ____D C:\Users\Karen\Tracing
2012-04-06 19:16 - 2010-12-17 14:46 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-06 16:49 - 2010-12-17 12:46 - 0000000 ____D C:\Users\Karen\AppData\Roaming\SoftGrid Client
2012-04-06 16:49 - 2010-11-02 19:14 - 1448418 ____A C:\Windows\WindowsUpdate.log
2012-04-06 16:47 - 2010-12-30 15:31 - 0000000 ____D C:\Users\Karen\AppData\Local\CrashDumps
2012-04-06 16:46 - 2012-04-06 16:46 - 0000162 ___AH C:\Users\Karen\Desktop\~$tdss.docx
2012-04-06 16:45 - 2012-04-06 16:45 - 0004083 ____A C:\Users\Karen\Desktop\aswMBR.txt
2012-04-06 16:45 - 2012-04-06 16:45 - 0000512 ____A C:\Users\Karen\Desktop\MBR.dat
2012-04-06 16:44 - 2012-04-05 19:02 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-06 16:40 - 2010-12-17 14:46 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-06 16:37 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-06 16:37 - 2009-07-13 20:45 - 0015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-06 16:36 - 2009-07-13 21:13 - 0727182 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-06 16:29 - 2012-04-06 16:29 - 0039790 ____A C:\Users\Karen\Desktop\tdss.docx
2012-04-06 16:29 - 2012-04-06 16:27 - 0123166 ____A C:\TDSSKiller.2.7.26.0_06.04.2012_17.27.06_log.txt
2012-04-06 16:28 - 2012-04-05 18:53 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-06 16:26 - 2012-04-06 16:26 - 4731392 ____A (AVAST Software) C:\Users\Karen\Desktop\aswMBR.exe
2012-04-05 21:19 - 2012-04-05 18:43 - 0000000 ___SD C:\32788R22FWJFW
2012-04-05 21:16 - 2011-08-09 20:24 - 0000000 ____D C:\Users\Karen\AppData\Roaming\uTorrent
2012-04-05 19:18 - 2012-04-05 19:18 - 0607260 ____R (Swearware) C:\Users\Karen\Desktop\dds.scr
2012-04-05 19:18 - 2012-04-05 19:18 - 0607260 ____A (Swearware) C:\Users\Karen\Downloads\dds.scr
2012-04-05 19:02 - 2012-04-05 19:02 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-05 19:02 - 2011-06-17 09:14 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-05 18:53 - 2012-04-05 18:52 - 0122806 ____A C:\TDSSKiller.2.7.26.0_05.04.2012_19.52.51_log.txt
2012-04-05 18:52 - 2012-04-05 18:52 - 2073136 ____A (Kaspersky Lab ZAO) C:\Users\Karen\Downloads\tdsskiller.exe
2012-04-05 18:52 - 2012-04-05 18:52 - 2073136 ____A (Kaspersky Lab ZAO) C:\Users\Karen\Desktop\tdsskiller.exe
2012-04-05 18:17 - 2010-12-17 14:46 - 0000000 ____D C:\Program Files\Google
2012-04-05 18:17 - 2010-12-17 14:45 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-05 18:17 - 2010-08-27 17:46 - 0000000 ____D C:\Users\All Users\Norton
2012-04-05 18:17 - 2010-08-27 17:46 - 0000000 ____D C:\ProgramData\Norton
2012-04-05 16:36 - 2010-12-17 14:46 - 0000000 ____D C:\Users\Karen\AppData\Local\Google
2012-04-05 16:23 - 2011-09-15 14:02 - 0000000 ____D C:\Users\Karen\AppData\Local\V CAST Media Manager
2012-04-05 16:21 - 2010-12-17 14:45 - 0000000 ____D C:\Users\All Users\Google
2012-04-05 16:21 - 2010-12-17 14:45 - 0000000 ____D C:\ProgramData\Google
2012-04-05 15:57 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-05 15:43 - 2012-04-05 15:43 - 0271816 ____A C:\Windows\Minidump\040512-23197-01.dmp
2012-04-05 15:43 - 2011-04-30 09:59 - 0000000 ____D C:\Windows\Minidump
2012-04-05 15:43 - 2011-04-30 09:58 - 259098059 ____A C:\Windows\MEMORY.DMP
2012-04-05 15:42 - 2012-04-04 23:07 - 0500700 ____A C:\Windows\ntbtlog.txt
2012-04-05 15:41 - 2012-04-05 15:41 - 0271816 ____A C:\Windows\Minidump\040512-24336-01.dmp
2012-04-05 06:12 - 2012-04-05 06:12 - 0271816 ____A C:\Windows\Minidump\040512-22120-01.dmp
2012-04-05 06:09 - 2012-04-05 06:09 - 0271816 ____A C:\Windows\Minidump\040512-16567-01.dmp
2012-04-05 06:07 - 2012-04-05 06:07 - 0271816 ____A C:\Windows\Minidump\040512-15865-01.dmp
2012-04-05 06:04 - 2012-04-05 06:04 - 0271816 ____A C:\Windows\Minidump\040512-16052-01.dmp
2012-04-05 06:02 - 2012-04-05 06:02 - 0271816 ____A C:\Windows\Minidump\040512-17253-01.dmp
2012-04-05 06:00 - 2012-04-05 06:00 - 0271816 ____A C:\Windows\Minidump\040512-15802-01.dmp
2012-04-04 23:10 - 2012-04-04 23:10 - 0271816 ____A C:\Windows\Minidump\040512-16224-01.dmp
2012-04-04 23:07 - 2012-04-04 23:07 - 0271816 ____A C:\Windows\Minidump\040512-15007-01.dmp
2012-04-04 23:04 - 2012-04-04 23:04 - 0000000 ____D C:\Windows\pss
2012-04-04 23:00 - 2012-04-02 17:21 - 0000000 __SHD C:\Users\Karen\AppData\Local\d6fdda4c
2012-04-04 21:33 - 2012-04-04 21:33 - 0001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-04 21:33 - 2012-04-04 21:33 - 0000000 ____D C:\Users\Karen\AppData\Roaming\Malwarebytes
2012-04-04 21:33 - 2012-04-04 21:33 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-04 21:33 - 2012-04-04 21:33 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-04 21:33 - 2012-04-04 21:33 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-04 19:41 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-04-04 13:17 - 2011-09-15 14:02 - 0000000 ____D C:\Users\Karen\AppData\Roaming\vlc
2012-04-04 13:07 - 2012-04-04 13:07 - 0000000 ____D C:\Users\Karen\AppData\Roaming\Jaran Nilsen
2012-04-03 09:07 - 2012-04-03 09:08 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-03 09:07 - 2012-04-03 09:08 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-03 09:07 - 2012-04-03 09:08 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-03 09:07 - 2011-02-09 13:00 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-03 09:05 - 2012-04-03 09:05 - 0010138 ____A C:\Users\Karen\Documents\Wet floors.docx
2012-04-02 18:56 - 2012-04-02 18:56 - 0000000 ____D C:\Users\Karen\AppData\Roaming\Tific
2012-04-02 18:56 - 2012-04-02 18:56 - 0000000 ____D C:\Users\Karen\AppData\Local\Symantec
2012-04-02 18:36 - 2011-08-09 20:18 - 0000000 ____D C:\Users\Karen\Desktop\bryan
2012-04-02 18:33 - 2012-04-02 18:33 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-04-02 18:31 - 2010-12-17 12:08 - 0000000 ____D C:\Users\Karen\AppData\LocalLow
2012-04-02 18:30 - 2012-02-05 17:43 - 0000332 ____A C:\Windows\Tasks\HPCeeScheduleForKaren.job
2012-04-02 17:22 - 2012-04-02 17:22 - 0000000 ____D C:\Windows\System32\Macromed
2012-04-01 16:58 - 2012-04-01 16:58 - 0000000 ____D C:\Program Files (x86)\Notpod
2012-03-31 21:00 - 2012-03-31 20:57 - 0036352 ____A C:\Users\Karen\Documents\Rick and Karen Horist Tax Info 2011.doc
2012-03-31 15:40 - 2010-12-25 18:10 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-03-31 15:40 - 2010-12-17 12:08 - 0000000 ____D C:\users\Karen
2012-03-31 15:39 - 2010-12-25 18:09 - 0000000 ____D C:\Users\Karen\AppData\Roaming\HpUpdate
2012-03-31 15:39 - 2010-12-25 18:09 - 0000000 ____D C:\Users\Karen\AppData\Roaming\HP Support Assistant
2012-03-31 11:15 - 2012-03-31 11:15 - 0013460 ____A C:\Users\Karen\Documents\Thyatira.docx
2012-03-30 08:29 - 2012-03-30 08:29 - 0011094 ____A C:\Users\Karen\Documents\Directions to Bryan's Home.docx
2012-03-29 19:51 - 2012-03-29 19:51 - 0341788 ____A C:\Users\Karen\Downloads\TuneSync_Lite2_29.apk
2012-03-29 19:39 - 2012-03-29 19:39 - 0000000 ____D C:\Program Files (x86)\HighwindSoftware
2012-03-28 13:21 - 2010-12-17 13:11 - 0011523 ____A C:\Users\Karen\Documents\Good Neighbor Recipe.docx
2012-03-28 10:29 - 2012-03-28 09:35 - 0017184 ____A C:\Users\Karen\Documents\Ambition and Contentment (lesson 11).docx
2012-03-28 10:05 - 2012-03-28 10:05 - 0011347 ____A C:\Users\Karen\Documents\Contentment verses.docx
2012-03-28 08:03 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-28 06:17 - 2010-12-17 13:26 - 0000000 ____D C:\Users\Karen\AppData\Roaming\Apple Computer
2012-03-28 06:12 - 2010-12-17 14:45 - 0000000 ____D C:\Users\Karen\AppData\Roaming\Skype
2012-03-27 08:55 - 2011-07-26 11:05 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-03-27 08:55 - 2010-12-17 14:45 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-27 08:55 - 2010-12-17 14:45 - 0000000 ____D C:\Users\All Users\Skype
2012-03-27 08:55 - 2010-12-17 14:45 - 0000000 ____D C:\ProgramData\Skype
2012-03-26 09:31 - 2012-03-26 09:31 - 0011819 ____A C:\Users\Karen\Documents\Donations.docx
2012-03-24 07:36 - 2012-03-24 07:36 - 0012401 ____A C:\Users\Karen\Documents\Prov 20-observations of life.docx
2012-03-23 07:40 - 2012-03-23 07:40 - 0918264 ____A C:\Users\Karen\Downloads\Attachments_2012_03_23.zip
2012-03-20 16:22 - 2011-06-16 09:45 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-03-20 16:22 - 2011-06-16 09:45 - 0000000 ____D C:\Program Files (x86)\Safari
2012-03-20 16:21 - 2012-03-20 16:21 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-20 16:21 - 2012-03-20 16:20 - 0000000 ____D C:\Program Files\iTunes
2012-03-20 16:21 - 2012-03-20 16:20 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-20 16:21 - 2011-06-16 09:45 - 0001245 ____A C:\Windows\System32\mapisvc.inf
2012-03-20 16:20 - 2012-03-20 16:20 - 0000000 ____D C:\Program Files\iPod
2012-03-20 08:24 - 2012-03-20 08:03 - 0011788 ____A C:\Users\Karen\Documents\Bruschetta Chicken.docx
2012-03-17 09:53 - 2012-03-17 09:07 - 0012345 ____A C:\Users\Karen\Documents\Prov 19.docx
2012-03-16 12:15 - 2012-01-16 16:32 - 0000000 ____D C:\Users\Karen\AppData\Local\Smith Micro
2012-03-14 02:19 - 2009-07-13 20:45 - 0421256 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-03 08:54 - 2012-03-03 07:46 - 0012415 ____A C:\Users\Karen\Documents\Proverbs 17 Strife.docx
2012-02-28 14:46 - 2012-01-25 20:21 - 0021582 ____A C:\Users\Karen\Documents\WHITE MUD.docx
2012-02-28 09:39 - 2012-02-27 13:44 - 0012695 ____A C:\Users\Karen\Documents\Booking campsites 2012.docx
2012-02-27 19:05 - 2012-02-27 19:05 - 0000000 ___SD C:\Users\Karen\Documents\My Data Sources
2012-02-27 11:35 - 2012-02-27 11:29 - 0011504 ____A C:\Users\Karen\Documents\Big Bear campsites 2012.docx
2012-02-23 08:18 - 2011-06-16 17:27 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-22 09:28 - 2012-02-22 09:28 - 0052903 ____A C:\Users\Karen\Documents\Michelle update.docx
2012-02-22 08:28 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-02-22 07:52 - 2012-02-22 07:52 - 0001748 ____A C:\Users\Karen\Downloads\Mover2.rdp
2012-02-22 07:52 - 2012-02-22 07:52 - 0001748 ____A C:\Users\Karen\Downloads\Mover2 (1).rdp
2012-02-22 07:18 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-02-21 03:08 - 2012-02-21 03:08 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-02-21 03:08 - 2012-02-21 03:08 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-02-21 03:08 - 2012-02-21 03:08 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-21 03:08 - 2012-02-21 03:08 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-21 03:08 - 2012-02-21 03:08 - 2308096 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 1798656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 17790464 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-21 03:08 - 2012-02-21 03:08 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-21 03:08 - 2012-02-21 03:08 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 12282368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 10887168 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-21 03:08 - 2012-02-21 03:08 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-21 03:08 - 2012-02-21 03:08 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-02-21 03:08 - 2012-02-21 03:08 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-02-21 03:08 - 2012-02-21 03:08 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-02-21 03:08 - 2012-02-21 03:08 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-02-21 03:08 - 2012-02-21 03:08 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-02-21 03:08 - 2012-02-21 03:08 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-02-21 03:08 - 2012-02-21 03:08 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-02-21 03:08 - 2012-02-21 03:08 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-02-21 03:08 - 2012-02-21 03:08 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-02-21 03:08 - 2012-02-21 03:08 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-02-21 03:08 - 2012-02-21 03:08 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-02-21 03:08 - 2012-02-21 03:08 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-02-21 03:08 - 2012-02-21 03:08 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-02-21 03:08 - 2012-02-21 03:08 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-02-21 03:08 - 2012-02-21 03:08 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-02-21 03:08 - 2012-02-21 03:08 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-02-21 03:08 - 2012-02-21 03:08 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-02-21 03:08 - 2012-02-21 03:08 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-02-21 03:08 - 2012-02-21 03:08 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-02-21 03:08 - 2012-02-21 03:08 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-02-21 03:08 - 2012-02-21 03:08 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-21 03:08 - 2012-02-21 03:00 - 0004058 ____A C:\Windows\IE9_main.log
2012-02-18 16:05 - 2011-10-29 07:01 - 0000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-02-18 09:39 - 2012-02-16 16:45 - 0013328 ____A C:\Users\Karen\Documents\Charge to the Church I Thess 3.docx
2012-02-18 03:03 - 2010-12-17 12:20 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-18 03:03 - 2010-12-17 12:20 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-16 07:01 - 2010-12-17 12:14 - 0000174 ___SH C:\Users\Karen\Start Menu\Programs\Startup\desktop.ini
2012-02-16 07:01 - 2010-12-17 12:14 - 0000174 ___SH C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 03:25 - 2010-08-27 17:42 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 03:03 - 2010-12-17 12:46 - 0743066 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-16 03:03 - 2010-12-17 12:45 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-14 22:27 - 2012-03-13 16:00 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-13 16:00 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-13 16:00 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-13 16:00 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-11 08:33 - 2012-02-08 18:40 - 0012329 ____A C:\Users\Karen\Documents\Proverbs 15.docx
2012-02-09 22:18 - 2012-03-13 18:41 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 22:17 - 2012-03-13 18:41 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 22:17 - 2012-03-13 18:41 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 22:17 - 2012-03-13 18:41 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 22:17 - 2012-03-13 18:41 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 21:41 - 2012-03-13 18:41 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-02-09 21:41 - 2012-03-13 18:41 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 21:41 - 2012-03-13 18:41 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-02-09 21:41 - 2012-03-13 18:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-13 18:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-02-05 17:42 - 2010-08-27 17:12 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-02-05 17:42 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-02-05 17:37 - 2012-02-05 17:37 - 0002181 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2012-02-05 17:37 - 2010-08-27 17:05 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-02-05 17:34 - 2012-02-05 17:34 - 0000000 ____D C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-05 17:34 - 2012-02-05 17:34 - 0000000 ____D C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-05 17:34 - 2011-09-18 02:17 - 0000000 ____D C:\Users\All Users\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2012-02-05 17:34 - 2011-09-18 02:17 - 0000000 ____D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2012-02-04 08:25 - 2012-02-03 17:25 - 0013597 ____A C:\Users\Karen\Documents\Prayer and Fasting.docx
2012-02-02 21:41 - 2012-01-07 10:41 - 0012622 ____A C:\Users\Karen\Documents\PERSONAL LOAN AGREEMENT FORM.docx
2012-02-02 21:37 - 2012-02-02 21:37 - 0021803 ____A C:\Users\Karen\Documents\Bryan's Loan schedule.docx
2012-02-02 20:16 - 2012-03-13 18:41 - 3143168 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-01 14:51 - 2010-12-17 13:11 - 0028672 ____A C:\Users\Karen\Documents\LADIES STUDY BIRTHDAY LIST.doc
2012-02-01 14:32 - 2012-01-31 13:14 - 0020480 ____A C:\Users\Karen\Documents\LESSON 3 Simplifying Your Spiritual Life.docx
2012-01-31 08:21 - 2012-01-31 08:21 - 0000000 __RSD C:\Users\Karen\Documents\My Stationery
2012-01-31 08:21 - 2012-01-31 08:21 - 0000000 ____A C:\Users\Karen\Sti_Trace.log
2012-01-24 22:27 - 2012-03-13 16:00 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:27 - 2012-03-13 16:00 - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:20 - 2012-03-13 16:00 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-20 19:47 - 2012-01-20 19:47 - 0000000 ____D C:\Users\Karen\AppData\Local\DDMSettings
2012-01-16 16:41 - 2012-01-16 16:40 - 0000000 ____D C:\Users\Karen\AppData\Roaming\DivX
2012-01-16 16:41 - 2012-01-16 16:39 - 0000000 ____D C:\Users\All Users\DivX
2012-01-16 16:41 - 2012-01-16 16:39 - 0000000 ____D C:\ProgramData\DivX
2012-01-16 16:41 - 2012-01-16 16:39 - 0000000 ____D C:\Program Files (x86)\DivX
2012-01-16 16:40 - 2012-01-16 16:40 - 0000000 ____D C:\Program Files\DivX
2012-01-16 16:32 - 2012-01-16 16:32 - 0000000 ____D C:\Users\Karen\Documents\My Archives
2012-01-16 16:32 - 2012-01-16 16:32 - 0000000 ____D C:\Users\All Users\Smith Micro
2012-01-16 16:32 - 2012-01-16 16:32 - 0000000 ____D C:\ProgramData\Smith Micro
2012-01-16 16:32 - 2012-01-16 16:32 - 0000000 ____D C:\Program Files (x86)\Smith Micro
2012-01-14 10:09 - 2012-01-14 10:09 - 0012129 ____A C:\Users\Karen\Documents\Proverbs 14.docx

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 3838.49 MB
Available physical RAM: 3099.42 MB
Total Pagefile: 3836.64 MB
Available Pagefile: 3075.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:584.38 GB) (Free:511.58 GB) NTFS
2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.69 GB) (Free:1.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:3.73 GB) (Free:1.72 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 3823 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 584 GB 101 MB
Partition 3 Primary 11 GB 584 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C HP NTFS Partition 584 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FACTORY_IMA NTFS Partition 11 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3823 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-30 09:03

======================= End Of Log ==========================

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:55 PM

Posted 06 April 2012 - 11:36 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 ATIVTUTW; C:\Windows\System32\pcnet.dll [5120 2009-07-13] (Iomega)
C:\Windows\System32\pcnet.dll
NETSVC: ATIVTUTW


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Horist

Horist
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:55 PM

Posted 06 April 2012 - 11:53 PM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-06 21:52:25 R:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
ATIVTUTW service deleted successfully.
C:\Windows\System32\pcnet.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ATIVTUTW Deleted successfully.

==== End of Fixlog ====

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:55 PM

Posted 07 April 2012 - 12:29 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Windows\assembly\tmp\U

File::
C:\Windows\system32\consrv.dll 
C:\Windows\system32\liveupdate.dll
C:\Windows\system32\LPDSVC.dll
C:\Windows\system32\pinnaclemarvinusb.dll
C:\Windows\system32\U3sHlpDr.dll
C:\Windows\system32\ulcdrhlp.dll 
C:\Windows\system32\wanusb.dll
C:\Windows\system32\wmiapsrv.dll
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\tmp\loader.tlb

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 Horist

Horist
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:55 PM

Posted 07 April 2012 - 12:58 AM

I think I'm good to go. Here is the ComboFix log. Clicking a link on Google took me there instead of redirecting me. I haven't rerun Malwarebytes until you give the OK. Thanks!!

ComboFix 12-04-06.03 - Karen 04/06/2012 22:42:49.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2395 [GMT -7:00]
Running from: c:\users\Karen\Desktop\ComboFix.exe
Command switches used :: c:\users\Karen\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
"c:\windows\assembly\tmp\loader.tlb"
"c:\windows\system32\consrv.dll"
"c:\windows\system32\liveupdate.dll"
"c:\windows\system32\LPDSVC.dll"
"c:\windows\system32\pinnaclemarvinusb.dll"
"c:\windows\system32\U3sHlpDr.dll"
"c:\windows\system32\ulcdrhlp.dll"
"c:\windows\system32\wanusb.dll"
"c:\windows\system32\wmiapsrv.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Karen\AppData\Local\d6fdda4c\U
c:\users\Karen\AppData\Local\d6fdda4c\U\000000cb.@
c:\users\Karen\AppData\Local\d6fdda4c\U\80000000.@
c:\users\Karen\AppData\Local\d6fdda4c\U\800000cb.@
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\tmp\loader.tlb
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\system32\liveupdate.dll
c:\windows\system32\LPDSVC.dll
c:\windows\system32\pinnaclemarvinusb.dll
c:\windows\system32\U3sHlpDr.dll
c:\windows\system32\ulcdrhlp.dll
c:\windows\system32\wanusb.dll
c:\windows\system32\wmiapsrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 05:47 . 2012-04-07 05:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 04:23 . 2012-04-07 04:24 -------- d-----w- C:\FRST
2012-04-06 03:02 . 2012-04-06 03:02 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-06 02:53 . 2012-04-07 00:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-05 05:33 . 2012-04-05 05:33 -------- d-----w- c:\users\Karen\AppData\Roaming\Malwarebytes
2012-04-05 05:33 . 2012-04-05 05:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-05 05:33 . 2012-04-05 05:33 -------- d-----w- c:\programdata\Malwarebytes
2012-04-05 05:33 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-04 21:07 . 2012-04-04 21:07 -------- d-----w- c:\users\Karen\AppData\Roaming\Jaran Nilsen
2012-04-03 19:08 . 2012-04-03 19:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-03 02:56 . 2012-04-03 02:56 -------- d-----w- c:\users\Karen\AppData\Roaming\Tific
2012-04-03 02:56 . 2012-04-03 02:56 -------- d-----w- c:\users\Karen\AppData\Local\Symantec
2012-04-03 02:33 . 2012-04-03 02:33 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-04-03 01:23 . 2012-04-07 03:18 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
2012-04-03 01:22 . 2012-04-03 01:22 -------- d-----w- c:\windows\system32\Macromed
2012-04-03 01:21 . 2012-04-07 05:47 -------- d-sh--w- c:\users\Karen\AppData\Local\d6fdda4c
2012-04-02 00:58 . 2012-04-02 00:58 -------- d-----w- c:\program files (x86)\Notpod
2012-03-30 14:12 . 2012-03-14 03:27 8669240 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61DEE671-86C2-4C3D-B8C4-B53ADF371A57}\mpengine.dll
2012-03-30 03:39 . 2012-03-30 03:39 -------- d-----w- c:\program files (x86)\HighwindSoftware
2012-03-27 16:55 . 2012-03-27 16:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-21 00:20 . 2012-03-21 00:20 -------- d-----w- c:\program files\iPod
2012-03-21 00:20 . 2012-03-21 00:21 -------- d-----w- c:\program files\iTunes
2012-03-21 00:20 . 2012-03-21 00:21 -------- d-----w- c:\program files (x86)\iTunes
2012-03-14 10:01 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 10:01 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:01 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 02:41 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 02:41 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 02:41 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 02:41 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 02:41 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 02:41 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 02:41 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 02:41 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-14 02:41 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-14 02:41 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 02:41 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-14 00:00 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 00:00 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 00:00 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 00:00 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 00:00 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 00:00 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 00:00 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 03:02 . 2011-06-17 17:14 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-03 17:07 . 2011-02-09 21:00 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-24 15:28 . 2012-02-24 15:28 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-23 16:18 . 2011-06-17 01:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 11:08 . 2012-02-21 11:08 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-21 11:08 . 2012-02-21 11:08 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-21 11:08 . 2012-02-21 11:08 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-21 11:08 . 2012-02-21 11:08 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-21 11:08 . 2012-02-21 11:08 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-21 11:08 . 2012-02-21 11:08 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-21 11:08 . 2012-02-21 11:08 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-21 11:08 . 2012-02-21 11:08 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-21 11:08 . 2012-02-21 11:08 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-21 11:08 . 2012-02-21 11:08 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-21 11:08 . 2012-02-21 11:08 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-21 11:08 . 2012-02-21 11:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-21 11:08 . 2012-02-21 11:08 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-21 11:08 . 2012-02-21 11:08 448512 ----a-w- c:\windows\system32\html.iec
2012-02-21 11:08 . 2012-02-21 11:08 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-21 11:08 . 2012-02-21 11:08 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-21 11:08 . 2012-02-21 11:08 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-21 11:08 . 2012-02-21 11:08 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-21 11:08 . 2012-02-21 11:08 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-21 11:08 . 2012-02-21 11:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-21 11:08 . 2012-02-21 11:08 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-21 11:08 . 2012-02-21 11:08 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-02-21 11:08 . 2012-02-21 11:08 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-21 11:08 . 2012-02-21 11:08 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-21 11:08 . 2012-02-21 11:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-21 11:08 . 2012-02-21 11:08 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-21 11:08 . 2012-02-21 11:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-21 11:08 . 2012-02-21 11:08 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-21 11:08 . 2012-02-21 11:08 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-21 11:08 . 2012-02-21 11:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-21 11:08 . 2012-02-21 11:08 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-21 11:08 . 2012-02-21 11:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-21 11:08 . 2012-02-21 11:08 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-21 11:08 . 2012-02-21 11:08 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-21 11:08 . 2012-02-21 11:08 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-21 11:08 . 2012-02-21 11:08 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-21 11:08 . 2012-02-21 11:08 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-21 11:08 . 2012-02-21 11:08 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-21 11:08 . 2012-02-21 11:08 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-21 11:08 . 2012-02-21 11:08 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-21 11:08 . 2012-02-21 11:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-21 11:08 . 2012-02-21 11:08 101888 ----a-w- c:\windows\SysWow64\admparse.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-06-28 4950664]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"TuneSync"="c:\program files (x86)\HighwindSoftware\TuneSync\TuneSync.exe" [2012-01-14 282960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 1167360]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 03:02]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 22:46]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-17 22:46]
.
2012-04-03 c:\windows\Tasks\HPCeeScheduleForKaren.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-01262370.sys
SafeBoot-81829638.sys
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfimon.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-04-06 22:55:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-07 05:55
.
Pre-Run: 549,117,095,936 bytes free
Post-Run: 551,382,384,640 bytes free
.
- - End Of File - - 3FB45AE738C1A25BD3AE4811DF143D47

#12 gringo_pr

gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:55 PM

Posted 07 April 2012 - 02:08 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Horist

Horist
  • Topic Starter
  • Members
  • 11 posts
  • Local time:02:55 PM

Posted 07 April 2012 - 09:25 AM

Here it is:


Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader X
Apple Application Support
Apple Software Update
Brother MFL-Pro Suite MFC-5895CW
CyberLink DVD Suite Deluxe
DirectX for Managed Code Update (Summer 2004)
DivX Setup
DVD Menu Pack for HP MediaSmart Video
ffdshow [rev 2527] [2008-12-19]
Google Chrome
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
Hulu Desktop
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
LabelPrint
LightScribe System Software
Logitech Vid HD
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PictureMover
Power2Go
PowerDirector
QuickTime
Realtek High Definition Audio Driver
Recovery Manager
Safari
SAMSUNG USB Driver for Mobile Phones
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype Click to Call
Skype 5.8
TuneSync Server 2.0.19
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Verizon V CAST Media Manager
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WModem Driver Installer
Yahoo! BrowserPlus 2.9.8

#14 gringo_pr

gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:55 PM

Posted 07 April 2012 - 11:33 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better job)

Programs to remove

McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#15 Horist

Horist
  • Topic Starter
  • Members
  • 11 posts
  • Local time:02:55 PM

Posted 08 April 2012 - 10:38 AM

Computer works great!

Here are the 2 requested logs:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.08.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Karen :: KAREN-PC [administrator]

4/8/2012 8:26:04 AM
mbam-log-2012-04-08 (08-26-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197030
Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:37:57 AM, on 4/8/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\HighwindSoftware\TuneSync\TuneSync.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [TuneSync] C:\Program Files (x86)\HighwindSoftware\TuneSync\TuneSync.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: TcUsb (elosystemservice) - Unknown owner - \\.\globalrootC:\Windows\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Nvcap (iksysflt) - Unknown owner - \\.\globalrootC:\Windows\system32\svchost.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Hpzius12 (scarddrv) - Unknown owner - \\.\globalrootC:\Windows\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SetupSys (starwindserviceae) - Unknown owner - \\.\globalrootC:\Windows\system32\svchost.exe (file missing)
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
O23 - Service: Ltmodem5 (tfsndrct) - Unknown owner - \\.\globalrootC:\Windows\system32\svchost.exe (file missing)
O23 - Service: SE27mgmt (tvald) - Unknown owner - \\.\globalrootC:\Windows\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Pcandis5 (vmount2) - Unknown owner - \\.\globalrootC:\Windows\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13318 bytes
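The O2 (BHO) and O23 (service) lines of the HijackThis log above are the ones a helper reads most closely, and the log also shows why a raw "(file missing)" flag is not enough on its own. As an added example that is not part of this thread and not HijackThis code, the Python script below parses those two line types, reports the entries a reviewer should look at (an orphaned BHO CLSID, service image paths under the `\\.\globalroot` device prefix), and sets aside the System32 "(file missing)" entries that a 32-bit HijackThis produces on 64-bit Windows because of WOW64 file redirection. The sample lines are copied from the log above; the heuristics, names and thresholds are my own assumptions.

```python
"""Triage the O2 (BHO) and O23 (service) lines of a HijackThis 2.x log.

Added example for this thread; it is not HijackThis code and not from the
poster or helper. It only reports entries that deserve a second look, in the
spirit of the "do not have HijackThis fix anything yet" instruction above.
"""
import re
from typing import List, NamedTuple, Tuple

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: TcUsb (elosystemservice) - Unknown owner - \\.\globalrootC:\Windows\system32\svchost.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Nvcap (iksysflt) - Unknown owner - \\.\globalrootC:\Windows\system32\svchost.exe (file missing)
"""

# O2 - BHO: <name> - {<CLSID>} - <dll path or "(no file)">
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# O23 - Service: <display name>[ (<key name>)] - <owner> - <image path>[ (file missing)]
SVC_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# HijackThis appends the registry key name in parentheses when it differs
# from the display name, e.g. "Nvcap (iksysflt)".
SHORT_NAME_RE = re.compile(r"\((?P<short>[^()]+)\)$")

GLOBALROOT_PREFIX = r"\\.\globalroot"   # NT device-namespace prefix


class Finding(NamedTuple):
    kind: str    # "O2" or "O23"
    ident: str   # BHO CLSID or service key name
    reason: str


def service_key_name(display: str) -> str:
    """Return the service key name from an O23 display field."""
    m = SHORT_NAME_RE.search(display)
    return m.group("short") if m else display


def triage(log_text: str) -> Tuple[List[Finding], List[Finding]]:
    """Return (findings, suppressed) for the O2/O23 lines of a HijackThis log.

    findings:   entries a reviewer should look at before deciding anything
    suppressed: "(file missing)" System32 services, which a 32-bit HijackThis
                reports on 64-bit Windows because WOW64 redirects System32;
                on their own they are noise, not evidence of infection
    """
    findings: List[Finding] = []
    suppressed: List[Finding] = []
    for line in log_text.splitlines():
        bho = BHO_RE.match(line)
        if bho:
            if bho.group("path").strip().lower() == "(no file)":
                findings.append(Finding("O2", bho.group("clsid"),
                                        "BHO CLSID still registered but its DLL is gone (orphaned entry)"))
            continue
        svc = SVC_RE.match(line)
        if not svc:
            continue
        name = service_key_name(svc.group("display"))
        path = svc.group("path")
        if path.lower().startswith(GLOBALROOT_PREFIX.lower()):
            findings.append(Finding("O23", name,
                                    "image path uses the " + GLOBALROOT_PREFIX
                                    + " device prefix instead of a plain drive path"))
        elif svc.group("missing") and "\\system32\\" in path.lower():
            suppressed.append(Finding("O23", name,
                                      "System32 binary reported missing; expected from 32-bit "
                                      "HijackThis under WOW64 redirection"))
    return findings, suppressed


if __name__ == "__main__":
    flagged, noise = triage(SAMPLE_LOG)
    for f in flagged:
        print(f"REVIEW  {f.kind} {f.ident}: {f.reason}")
    print(f"{len(noise)} System32 '(file missing)' service(s) set aside as WOW64 noise")
```

The script deliberately does not fix or delete anything; it only separates entries worth a helper's attention from the expected noise of a 32-bit scanner on a 64-bit host.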
