
kazy.208427 infection


21 replies to this topic

#1 melbb

melbb

  • Members
  • 194 posts
  • Gender:Female
  • Local time:09:36 PM

Posted 02 August 2013 - 03:23 PM

Emsisoft Anti-Malware identified this in a scan. Malwarebytes called it Trojan.FakeMS. I removed it and fixed my browsers from the search hijack (conduit). I rescanned and came up clean, but I am getting suspicious popups for fake firefox updates, surveys and such that I never typically get, so I am thinking there might be some residual stuff. Here are my logs.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.17.2
Run by Melanie at 16:17:11 on 2013-08-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8172.5964 [GMT -4:00]
.
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfPro5Hook.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe
C:\Users\Melanie\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe
C:\Users\Melanie\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1AW.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Awj.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: GetSavin 5.0: {16A508D4-CF19-4190-85BC-F03B63316591} -
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\bin\PlusIEContextMenu.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Rich Media Downloader: {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} -
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Google Update] "C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [ConduitFloatingPlugin_dkjaldeegndmngnahlmdbfnejdobkmil] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3309758\plugins\TBVerifier.dll",RunConduitFloatingPlugin dkjaldeegndmngnahlmdbfnejdobkmil
uRun: [ConduitFloatingPlugin_mfchmfgdaabgdjbcaophikcobddojjoe] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3298573\plugins\TBVerifier.dll",RunConduitFloatingPlugin mfchmfgdaabgdjbcaophikcobddojjoe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [IndexSearch] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe"
mRun: [PDFHook] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe
mRun: [RUNUPDATER] C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe
mRun: [Dell 1355 MFP Launcher] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe" /Run
mRun: [Dell 1355 MFP RUN] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe"
mRun: [StatusAutoRun] "C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe" RUNSTART
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHOTOF~1.LNK - C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} -
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5DC984CC-C48F-4665-80BE-72F1EAAF915D} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5DC984CC-C48F-4665-80BE-72F1EAAF915D}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7FA5CE72-E3D2-4BBF-80D2-29218E6A8715} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ar5d55o2.default-1375386261874\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Melanie\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 EnumProcessesDriver;EnumProcessesDriver;C:\Windows\System32\drivers\EnumProcessesDriver.sys [2012-3-2 20080]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2011-12-22 133728]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2011-12-22 211040]
R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\System32\drivers\vsflt61.sys [2011-12-22 142944]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-12-21 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2011-12-21 44688]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2011-12-21 17384]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2011-12-19 22736]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2011-12-19 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-12-19 38144]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-12-21 2938408]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-22 3450832]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 203776]
R2 DLNADB;Dell 1355cn Status Database;C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe [2011-1-28 90432]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-15 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-4-15 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-2-14 257344]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [2010-6-15 144672]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-11-10 5890144]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-18 2656280]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-12-22 367200]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-2-20 245760]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2013-7-3 57032]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-11-18 54784]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-7 77696]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-11-18 32344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-18 428136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2011-12-21 66320]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-11-18 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-11-18 79360]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-4-15 1014624]
S3 netr7364;Netopia RT73 Wireless Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-22 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-01 20:01:40    --------    d-----w-    C:\Temp
2013-08-01 19:32:46    --------    d-----w-    C:\Users\Melanie\AppData\Local\COMODO
2013-08-01 19:21:22    --------    d-----w-    C:\Users\Melanie\FrostWire
2013-08-01 19:19:54    --------    d-----w-    C:\Users\Melanie\.frostwire5
2013-08-01 19:18:08    --------    d-----w-    C:\Program Files (x86)\FrostWire 5
2013-08-01 19:16:28    93976    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll
2013-07-10 05:04:52    571904    ----a-w-    C:\Program Files\Windows Defender\MpClient.dll
.
==================== Find3M  ====================
.
2013-06-12 14:23:12    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 14:23:12    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-04 06:00:13    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-04 04:53:07    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-06 06:03:49    1887744    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-05-06 04:56:35    1620480    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
.
============= FINISH: 16:18:38.32 ===============

#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:36 PM

Posted 03 August 2013 - 10:22 AM

Hello melbb,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
1.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on adwCleaner.exe and select Run as administrator.
  • Click the Delete button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.
2.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Things to include in your next reply:
AdwCleaner.txt
Roguekiller log
How is the machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 melbb

melbb
  • Topic Starter

  • Members
  • 194 posts
  • Gender:Female
  • Local time:09:36 PM

Posted 03 August 2013 - 01:34 PM

Thanks for the help! Computer seems to be running the same. Just got a popup about a "security breach" with my e-mail provider, which is no doubt fake. Also, there must be some residual from the conduit hijack because when my computer restarts I get a popup about starting a dll file that can't be found (c:programfiles(x86)\conduit\ct3309758\plugins\tbverifier.dll). And I am getting little ads popping up in the lower right corner of my screen on various web pages, including bleepingcomputer.

 

Here are the logs.

 

# AdwCleaner v2.306 - Logfile created 08/03/2013 at 14:18:10
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Melanie - BEEBE-PC
# Boot Mode : Normal
# Running from : C:\Users\Melanie\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ar5d55o2.default-1375386261874\prefs.js

[OK] File is clean.

File : C:\Users\Kirk\AppData\Roaming\Mozilla\Firefox\Profiles\c305q0f9.default\prefs.js

[OK] File is clean.

File : C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\quyiyrcr.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5792 octets] - [01/04/2013 20:39:56]
AdwCleaner[R2].txt - [5659 octets] - [19/05/2013 11:43:50]
AdwCleaner[S1].txt - [5906 octets] - [01/04/2013 20:40:14]
AdwCleaner[S2].txt - [5431 octets] - [19/05/2013 11:44:15]
AdwCleaner[S3].txt - [3299 octets] - [01/08/2013 15:58:55]
AdwCleaner[S4].txt - [1361 octets] - [03/08/2013 14:18:10]

########## EOF - C:\AdwCleaner[S4].txt - [1421 octets] ##########
 

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Melanie [Admin rights]
Mode : Scan -- Date : 08/03/2013 14:29:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 7 ¤¤¤
[V2][SUSP PATH] {38A47DAF-555B-4C14-BADB-A8AFFA3D7B2D} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> FOUND
[V2][SUSP PATH] {665F1DD8-A93D-4EC9-91DB-4B7562CCEA67} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> FOUND
[V2][SUSP PATH] {89488E37-75D5-4676-BA13-ACF63516450F} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> FOUND
[V2][SUSP PATH] {9EBBC4FE-CB37-4B29-8322-0CC97CFA2D66} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> FOUND
[V2][SUSP PATH] {A01C3BF5-AE3C-4BBD-A21A-70E3EA9A6502} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> FOUND
[V2][SUSP PATH] {A96C26F9-FA7C-4DA9-AC74-1DE34AABC541} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> FOUND
[V2][SUSP PATH] {BCD7E449-BAF3-4527-866A-9C026D4664B4} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS723015BLA642 +++++
--- User ---
[MBR] b381357f8a27677cec9cc7367d17d3c5
[BSP] b8d518725af4391077f1737af927c9ce : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 1414313 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08032013_142907.txt >>


Edited by melbb, 03 August 2013 - 01:35 PM.
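The DDS mPolicies-System lines in the first post and the RogueKiller [HJ POL] entries above both show UAC switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0). As an added example, not from the thread or from either tool, this Python script parses both log formats and flags the values that weaken UAC, so a reviewer can pick them out without reading the whole log. The Windows 7 defaults and the decimal reading of DDS dword values are assumptions stated in the comments; the sample log is constructed from the values the thread posted.

```python
"""Flag UAC-weakening policy values in DDS and RogueKiller log excerpts."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed Windows 7 defaults for the UAC values under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
SECURE_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
    "EnableUIADesktopToggle": 0,
}

# Values that make UAC weaker than the default, with the reason to report.
WEAK_VALUES = {
    ("EnableLUA", 0): "UAC disabled; administrator processes run with a full admin token",
    ("ConsentPromptBehaviorAdmin", 0): "administrators elevate silently, no consent prompt",
    ("PromptOnSecureDesktop", 0): "elevation prompts are shown on the normal desktop",
}

# DDS line: "mPolicies-System: EnableLUA = dword:0". The value is read as
# decimal (assumption: the thread's NoDriveTypeAutoRun = dword:145 is 0x91,
# the Windows 7 default, which only makes sense if DDS prints decimal).
DDS_RE = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)\s*$")
# RogueKiller line: "[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND"
RK_RE = re.compile(
    r"^\[HJ POL\]\s+(HKLM\\\S*?\\System)\s*:\s*(\w+)\s*\((\d+)\)\s*->\s*FOUND\s*$"
)


@dataclass(frozen=True)
class PolicyEntry:
    source: str   # "DDS" or "RogueKiller"
    key: str      # registry key as the tool printed it
    name: str
    value: int


@dataclass(frozen=True)
class Finding:
    entry: PolicyEntry
    expected: Optional[int]
    reason: str


def parse_policy_lines(lines: Iterable[str]) -> List[PolicyEntry]:
    """Extract HKLM\\...\\Policies\\System values from either log format."""
    entries: List[PolicyEntry] = []
    for raw in lines:
        line = raw.strip()
        m = DDS_RE.match(line)
        if m:
            entries.append(PolicyEntry("DDS", "HKLM\\...\\Policies\\System",
                                       m.group(1), int(m.group(2))))
            continue
        m = RK_RE.match(line)
        if m:
            entries.append(PolicyEntry("RogueKiller", m.group(1),
                                       m.group(2), int(m.group(3))))
    return entries


def weakness(name: str, value: int) -> Optional[str]:
    """Return why (name, value) weakens UAC, or None if it does not."""
    return WEAK_VALUES.get((name, value))


def audit(lines: Iterable[str]) -> List[Finding]:
    """Parse the log lines and return one Finding per UAC-weakening value."""
    findings: List[Finding] = []
    for entry in parse_policy_lines(lines):
        reason = weakness(entry.name, entry.value)
        if reason:
            findings.append(Finding(entry, SECURE_DEFAULTS.get(entry.name), reason))
    return findings


def report(lines: Iterable[str]) -> str:
    """Human-readable summary, one line per finding."""
    out = []
    for f in audit(lines):
        out.append(f"[{f.entry.source}] {f.entry.key} {f.entry.name} = {f.entry.value}"
                   f" (default {f.expected}): {f.reason}")
    return "\n".join(out) if out else "no UAC-weakening policy values found"


# Constructed sample: the policy lines from the thread's DDS and RogueKiller logs.
SAMPLE_LOG = """mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
[HJ POL] HKLM\\[...]\\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\\[...]\\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\\[...]\\Wow6432Node\\[...]\\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\\[...]\\Wow6432Node\\[...]\\System : EnableLUA (0) -> FOUND
"""

if __name__ == "__main__":
    print(report(SAMPLE_LOG.splitlines()))
```

RogueKiller reports the Wow6432Node view separately, so a disabled setting can appear twice for the same machine; the script keeps both so the key path stays visible.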


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:36 PM

Posted 04 August 2013 - 11:31 AM

1.
  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
2.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
3.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it is running, because it may cause it to stall.



Things to include in your next reply:
Roguekiller log
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
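Worked example added by the editor; it is not part of the helper's post and not RogueKiller's own code. The RogueKiller step above produces a plain-text RKreport; the parser below reads that format, using as constructed test input a subset of the Registry Entries and Scheduled tasks lines from the report posted in the next reply. It decodes the two UAC policy values RogueKiller flagged as [HJ POL]: EnableLUA = 0 turns UAC off entirely, and ConsentPromptBehaviorAdmin = 0 lets administrators elevate with no prompt, a combination that malware and adware installers commonly set so later payloads run silently. The section-name matching, the two regular expressions and the treatment of the [x] marker (captured, not interpreted) are this example's assumptions about the format, derived only from the lines visible in this thread.

```python
"""Parse a RogueKiller v8 text report (RKreport) and decode UAC tampering.

Added example for this thread; not RogueKiller's own code. The report is
plain text: a "¤¤¤ Section : N ¤¤¤" header followed by one entry per line.
Only the Registry Entries and Scheduled tasks sections are parsed here.
"""
import re

# Constructed test input: a subset of the RKreport lines posted in this
# thread. One [HJ DESK] line is kept to show that non-policy registry
# entries are parsed but produce no UAC finding.
SAMPLE_REPORT = r"""RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
Mode : Remove -- Date : 08/04/2013 17:06:53

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 7 ¤¤¤
[V2][SUSP PATH] {38A47DAF-555B-4C14-BADB-A8AFFA3D7B2D} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> DELETED
[V2][SUSP PATH] {665F1DD8-A93D-4EC9-91DB-4B7562CCEA67} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤
"""

# "[HJ POL] <key> : <value name> (<old>) -> <ACTION> (<new>)"  (assumed shape)
REGISTRY_RE = re.compile(
    r"^\[(?P<tag>[A-Z ]+)\] (?P<key>\S+) : (?P<name>\S+) "
    r"\((?P<old>[^)]*)\) -> (?P<action>[A-Z]+) \((?P<new>[^)]*)\)$"
)
# "[V2][SUSP PATH] {task GUID} : <path> [<marker>] -> <ACTION>"  (assumed shape)
# The marker (here "x") is captured as-is and not interpreted.
TASK_RE = re.compile(
    r"^\[V2\]\[(?P<tag>[A-Z ]+)\] (?P<task>\{[0-9A-Fa-f-]+\}) : "
    r"(?P<path>.+?) \[(?P<marker>[^\]]*)\] -> (?P<action>[A-Z]+)$"
)

# Meaning of the two UAC policy values RogueKiller touched, from the Windows
# UAC Group Policy documentation. Windows 7 defaults are EnableLUA=1 and
# ConsentPromptBehaviorAdmin=5; RogueKiller restores the stricter 2.
UAC_VALUES = {
    "EnableLUA": {"0": "UAC disabled", "1": "UAC enabled"},
    "ConsentPromptBehaviorAdmin": {
        "0": "elevate without prompting",
        "1": "prompt for credentials on the secure desktop",
        "2": "prompt for consent on the secure desktop",
        "3": "prompt for credentials",
        "4": "prompt for consent",
        "5": "prompt for consent for non-Windows binaries",
    },
}


def _section_name(line):
    """'¤¤¤ Registry Entries : 6 ¤¤¤' -> 'Registry Entries'."""
    return line.strip("¤ ").split(":", 1)[0].strip()


def parse_report(text):
    """Return {'registry': [...], 'tasks': [...]} for the two parsed sections."""
    result = {"registry": [], "tasks": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("¤¤¤"):
            section = _section_name(line)
            continue
        if section == "Registry Entries":
            m = REGISTRY_RE.match(line)
            if m:
                result["registry"].append(m.groupdict())
        elif section == "Scheduled tasks":
            m = TASK_RE.match(line)
            if m:
                result["tasks"].append(m.groupdict())
    return result


def uac_findings(entries):
    """One line per [HJ POL] entry that names a known UAC policy value."""
    findings = []
    for e in entries:
        if e["tag"] != "HJ POL" or e["name"] not in UAC_VALUES:
            continue
        meaning = UAC_VALUES[e["name"]]
        # On 64-bit Windows the Wow6432Node key is the 32-bit registry view,
        # which is why each value appears twice in the report.
        view = "Wow6432Node view" if "Wow6432Node" in e["key"] else "native view"
        findings.append(
            f"{e['name']} ({view}): was {e['old']} = "
            f"{meaning.get(e['old'], 'unknown value')}; {e['action'].lower()} with "
            f"{e['new']} = {meaning.get(e['new'], 'unknown value')}"
        )
    return findings


def task_targets(tasks):
    """Distinct executables referenced by flagged scheduled tasks, with counts."""
    counts = {}
    for t in tasks:
        counts[t["path"]] = counts.get(t["path"], 0) + 1
    return counts


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for line in uac_findings(report["registry"]):
        print(line)
    for path, n in task_targets(report["tasks"]).items():
        print(f"{n} scheduled task(s) pointed at {path}")
```

Run against the full RKreport file instead of SAMPLE_REPORT to get the same summary for a real machine. The four UAC findings from this thread's report say the same thing twice (native and Wow6432Node view): UAC had been switched off and administrators were elevating silently before RogueKiller put it back. The seven scheduled tasks all point at one installer on the Desktop, so the task count alone overstates how many distinct targets were flagged.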


#5 melbb (Topic Starter)

Posted 05 August 2013 - 12:01 PM

Here are the logs. Lots of popups about missing files during the ComboFix scan. I had to keep clicking OK for it to move on to the next stage of scanning. The TDSS scan file is too long to post (40 pages) and too big to attach. Did I do something wrong? It found 4 suspicious objects.

 

RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Melanie [Admin rights]
Mode : Remove -- Date : 08/04/2013 17:06:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 7 ¤¤¤
[V2][SUSP PATH] {38A47DAF-555B-4C14-BADB-A8AFFA3D7B2D} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> DELETED
[V2][SUSP PATH] {665F1DD8-A93D-4EC9-91DB-4B7562CCEA67} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> DELETED
[V2][SUSP PATH] {89488E37-75D5-4676-BA13-ACF63516450F} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> DELETED
[V2][SUSP PATH] {9EBBC4FE-CB37-4B29-8322-0CC97CFA2D66} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> DELETED
[V2][SUSP PATH] {A01C3BF5-AE3C-4BBD-A21A-70E3EA9A6502} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> DELETED
[V2][SUSP PATH] {A96C26F9-FA7C-4DA9-AC74-1DE34AABC541} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> DELETED
[V2][SUSP PATH] {BCD7E449-BAF3-4527-866A-9C026D4664B4} : C:\Users\Melanie\Desktop\TrueImage11.8101_s_en.exe [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS723015BLA642 +++++
--- User ---
[MBR] b381357f8a27677cec9cc7367d17d3c5
[BSP] b8d518725af4391077f1737af927c9ce : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 1414313 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08042013_170653.txt >>
RKreport[0]_S_08042013_170641.txt


 

 

 

ComboFix 13-08-04.01 - Melanie 08/04/2013  17:33:04.1.8 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8172.6243 [GMT -4:00]
Running from: c:\users\Melanie\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\TEMP
.
.
.
c:\windows\system32\sfcfiles.dll . . . is missing!!
.
c:\windows\system32\drivers\null.sys . . . is missing!!
.
c:\windows\system32\drivers\afd.sys . . . is missing!!
.
c:\windows\system32\drivers\ndis.sys . . . is missing!!
.
c:\windows\system32\drivers\ndisuio.sys . . . is missing!!
.
c:\windows\system32\drivers\netbios.sys . . . is missing!!
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
c:\windows\system32\drivers\intelppm.sys . . . is missing!!
.
c:\windows\system32\drivers\tcpip.sys . . . is missing!!
.
c:\windows\system32\drivers\netbt.sys . . . is missing!!
.
c:\windows\system32\drivers\asyncmac.sys . . . is missing!!
.
c:\windows\system32\drivers\cdrom.sys . . . is missing!!
.
c:\windows\system32\drivers\Serial.sys . . . is missing!!
.
c:\windows\system32\drivers\ndproxy.sys . . . is missing!!
.
c:\windows\system32\drivers\ws2ifsl.sys . . . is missing!!
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
c:\windows\system32\drivers\ipsec.sys . . . is missing!!
.
c:\windows\system32\drivers\psched.sys . . . is missing!!
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MSiSCSI
-------\Service_SessionEnv
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-04 to 2013-08-04  )))))))))))))))))))))))))))))))
.
.
2013-08-04 22:13 . 2013-08-04 22:13    --------    d-----w-    C:\Device
2013-08-01 20:01 . 2013-08-01 20:15    --------    d-----w-    C:\Temp
2013-08-01 19:32 . 2013-08-01 19:32    --------    d-----w-    c:\users\Melanie\AppData\Local\COMODO
2013-08-01 19:21 . 2013-08-01 19:21    --------    d-----w-    c:\users\Melanie\FrostWire
2013-08-01 19:19 . 2013-08-01 19:21    --------    d-----w-    c:\users\Melanie\.frostwire5
2013-08-01 19:18 . 2013-08-01 19:51    --------    d-----w-    c:\program files (x86)\FrostWire 5
2013-08-01 19:16 . 2013-03-12 08:27    93976    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll
2013-08-01 19:14 . 2013-08-01 19:27    --------    d-----w-    c:\program files (x86)\ImgBurn
2013-07-23 02:07 . 2013-07-23 02:07    --------    d-----w-    c:\users\Kirk\AppData\Local\Accelrys
2013-07-10 05:04 . 2013-06-04 06:00    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-07-10 05:04 . 2013-05-27 04:57    4608    ----a-w-    c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 05:04 . 2013-05-27 04:57    54784    ----a-w-    c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 05:04 . 2013-05-27 04:57    392704    ----a-w-    c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 05:04 . 2013-05-27 03:15    9216    ----a-w-    c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 05:04 . 2013-05-06 06:03    1887744    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-10 05:04 . 2013-06-05 03:34    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-07-10 05:04 . 2013-04-10 05:03    936448    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 05:04 . 2013-04-02 22:51    1643520    ----a-w-    c:\windows\system32\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 20:25 . 2010-06-24 18:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-12 08:08    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 08:08    1464320    ----a-w-    c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 08:08    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 08:08    52224    ----a-w-    c:\windows\system32\certenc.dll
2013-05-13 03:43 . 2013-06-12 08:08    1192448    ----a-w-    c:\windows\system32\certutil.exe
2013-05-10 05:49 . 2013-06-12 08:08    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 08:08    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
.
.
[7] 2010-11-21 03:24 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6140] . . c:\windows\SysWOW64\mfc40u.dll
[7] 2010-11-21 03:24 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll
.
[7] 2013-03-19 . 88355CFE81D381F93C74716DAA803587 . 3968856 . . [6.1.7601.18113] . . c:\windows\SysWOW64\ntkrnlpa.exe
[7] 2013-03-19 . 88355CFE81D381F93C74716DAA803587 . 3968856 . . [6.1.7601.18113] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_6e36ace212663721\ntkrnlpa.exe
[7] 2013-03-19 . 3DFCBEEE97DF8BBAA749CAACFC9C43E1 . 3972440 . . [6.1.7601.22280] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_6e71995b2bbf4e7d\ntkrnlpa.exe
[7] 2013-01-05 . 660100CB90F344040EF57F52FC0681C3 . 3967848 . . [6.1.7601.18044] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_6e173b82127da724\ntkrnlpa.exe
[7] 2013-01-05 . 8E43161944CE6E3A1F2B2618B992A8CE . 3971928 . . [6.1.7601.22210] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_6ebd48cf2b868ae6\ntkrnlpa.exe
[7] 2012-08-30 . 7E1EC00B7D0D33A67DFC563574EEFF93 . 3968880 . . [6.1.7601.17944] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntkrnlpa.exe
[7] 2012-08-30 . 770FEEA2823E463D68E170D7EA6FAEBA . 3972464 . . [6.1.7601.22103] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntkrnlpa.exe
[7] 2012-05-04 . 4A56DB06360F59130CAED69FA7526F0A . 3968368 . . [6.1.7601.17835] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntkrnlpa.exe
[7] 2012-05-04 . AFF886D9D718D3747E5031816C0DA7D2 . 3971952 . . [6.1.7601.21987] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntkrnlpa.exe
[7] 2012-03-31 . 8F6D5704D7522AAB8B4B82C0D35D9184 . 3968368 . . [6.1.7601.17803] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe
[7] 2012-03-31 . 93358348D0B79812CAAA83A1377E4449 . 3971952 . . [6.1.7601.21955] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe
[7] 2012-03-06 . 43711ABF8AE553A7B5FFFF61E60C419D . 3968368 . . [6.1.7601.17790] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntkrnlpa.exe
[7] 2012-03-06 . 07B026E7A2C873D09F0073141EE2099E . 3972464 . . [6.1.7601.21936] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntkrnlpa.exe
[7] 2011-11-19 . 31C59B0CA08B1203E35D2BA19319279E . 3968368 . . [6.1.7601.17727] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe
[7] 2011-11-19 . 2EDA0DCCF5F00CDB91A9ECBE45CB0B3D . 3971440 . . [6.1.7601.21863] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe
[7] 2011-06-23 . 3624D782F8B061B6FBA3A35E2FE53CFD . 3967872 . . [6.1.7601.21755] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe
[7] 2011-06-23 . A4A8EF2ACE5FA5863AA0B04C9BBFECA7 . 3967872 . . [6.1.7601.17640] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe
[7] 2010-11-21 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe
.
[7] 2010-11-21 03:24 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\SysWOW64\olepro32.dll
[7] 2010-11-21 03:24 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll
.
c:\windows\System32\drivers\atapi.sys ... is missing !!
c:\windows\System32\drivers\asyncmac.sys ... is missing !!
c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\drivers\kbdclass.sys ... is missing !!
c:\windows\System32\drivers\ndis.sys ... is missing !!
c:\windows\System32\drivers\ntfs.sys ... is missing !!
c:\windows\System32\drivers\null.sys ... is missing !!
c:\windows\System32\drivers\tcpip.sys ... is missing !!
c:\windows\System32\browser.dll ... is missing !!
c:\windows\System32\lsass.exe ... is missing !!
c:\windows\System32\netman.dll ... is missing !!
c:\windows\System32\qmgr.dll ... is missing !!
c:\windows\System32\rpcss.dll ... is missing !!
c:\windows\System32\services.exe ... is missing !!
c:\windows\System32\spoolsv.exe ... is missing !!
c:\windows\System32\winlogon.exe ... is missing !!
c:\windows\System32\wuauclt.exe ... is missing !!
c:\windows\System32\drivers\ipsec.sys ... is missing !!
c:\windows\System32\eventlog.dll ... is missing !!
c:\windows\System32\sfcfiles.dll ... is missing !!
c:\windows\System32\drivers\ipsec.sys ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
c:\windows\System32\schedsvc.dll ... is missing !!
c:\windows\System32\ssdpsrv.dll ... is missing !!
c:\windows\System32\termsrv.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2012-01-04 08:58    442880    ----a-w-    c:\windows\System32\ntshrui.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2011-02-14 289600]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-08-06 1370624]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-11-10 5954016]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"IndexSearch"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe" [2010-06-15 46368]
"PaperPort PTD"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe" [2010-06-15 29984]
"PDFHook"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe" [2010-03-06 62752]
"RUNUPDATER"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe" [2010-09-29 465728]
"Dell 1355 MFP Launcher"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe" [2011-01-28 976704]
"Dell 1355 MFP RUN"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe" [2010-09-29 2481472]
"StatusAutoRun"="c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe" [2011-01-28 3789632]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-12-21 113664]
Device Detector 3.lnk - c:\program files (x86)\Olympus\DeviceDetector\DevDtct2.exe [2011-12-22 114688]
Photo Frame.lnk - c:\program files (x86)\Northstar\Photo Frame\Photo Frame.exe [2011-4-15 2488912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
R0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys --> c:\windows\system32\drivers\amdxata.sys [?]
R0 CLFS;Common Log (CLFS);c:\windows\system32\CLFS.sys --> c:\windows\system32\CLFS.sys [?]
R0 CNG;CNG;c:\windows\system32\Drivers\cng.sys --> c:\windows\system32\Drivers\cng.sys [?]
R0 EnumProcessesDriver;EnumProcessesDriver;c:\windows\system32\drivers\EnumProcessesDriver.sys --> c:\windows\system32\drivers\EnumProcessesDriver.sys [?]
R0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys --> c:\windows\system32\drivers\fileinfo.sys [?]
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys --> c:\windows\system32\DRIVERS\fltsrv.sys [?]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\system32\DRIVERS\fvevol.sys --> c:\windows\system32\DRIVERS\fvevol.sys [?]
R0 hwpolicy;Hardware Policy Driver;c:\windows\system32\drivers\hwpolicy.sys --> c:\windows\system32\drivers\hwpolicy.sys [?]
R0 KSecPkg;KSecPkg;c:\windows\system32\Drivers\ksecpkg.sys --> c:\windows\system32\Drivers\ksecpkg.sys [?]
R0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys --> c:\windows\system32\drivers\msisadrv.sys [?]
R0 pcw;Performance Counters for Windows Driver;c:\windows\system32\drivers\pcw.sys --> c:\windows\system32\drivers\pcw.sys [?]
R0 rdyboost;ReadyBoost;c:\windows\system32\drivers\rdyboost.sys --> c:\windows\system32\drivers\rdyboost.sys [?]
R0 spldr;Security Processor Loader Driver;c:\windows\system32\drivers\spldr.sys --> c:\windows\system32\drivers\spldr.sys [?]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys --> c:\windows\system32\drivers\vdrvroot.sys [?]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys --> c:\windows\system32\DRIVERS\vididr.sys [?]
R0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys --> c:\windows\system32\DRIVERS\vsflt61.sys [?]
R0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys --> c:\windows\system32\drivers\volmgr.sys [?]
R0 volmgrx;Dynamic Volume Manager;c:\windows\system32\drivers\volmgrx.sys --> c:\windows\system32\drivers\volmgrx.sys [?]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [12/21/2011 5:58 PM 26176]
R1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [12/21/2011 5:58 PM 44688]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [12/21/2011 5:58 PM 17384]
R1 blbdrive;blbdrive;c:\windows\system32\drivers\blbdrive.sys --> c:\windows\system32\drivers\blbdrive.sys [?]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys --> c:\windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys --> c:\windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys --> c:\windows\system32\DRIVERS\cmdhlp.sys [?]
R1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys --> c:\windows\system32\Drivers\dfsc.sys [?]
R1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys --> c:\windows\system32\drivers\discache.sys [?]
R1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys --> c:\windows\system32\drivers\nsiproxy.sys [?]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys --> c:\windows\system32\drivers\rdpencdd.sys [?]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys --> c:\windows\system32\drivers\rdprefmp.sys [?]
R1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys --> c:\windows\system32\DRIVERS\wanarp.sys [?]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys --> c:\windows\system32\DRIVERS\wfplwf.sys [?]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [12/21/2011 5:58 PM 2938408]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [12/22/2011 11:15 AM 3450832]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe --> c:\windows\system32\atiesrxx.exe [?]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 7:19 PM 20992]
R2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [7/13/2009 7:19 PM 20992]
R2 DLNADB;Dell 1355cn Status Database;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe [1/28/2011 11:32 AM 90432]
R2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [7/13/2009 7:19 PM 20992]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalService [7/13/2009 7:19 PM 20992]
R2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe -k netsvcs [7/13/2009 7:19 PM 20992]
R2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [1/8/2010 9:21 AM 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [4/15/2011 5:15 AM 13336]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [7/13/2009 7:19 PM 20992]
R2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe -k NetSvcs [7/13/2009 7:19 PM 20992]
R2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [4/15/2011 5:30 AM 244624]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys --> c:\windows\system32\DRIVERS\lltdio.sys [?]
R2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys --> c:\windows\system32\drivers\luafv.sys [?]
R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe -k netsvcs [7/13/2009 7:19 PM 20992]
R2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [7/13/2009 7:19 PM 20992]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [5/4/2010 3:07 PM 503080]
R2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe -k NetworkService [7/13/2009 7:19 PM 20992]
R2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe -k LocalService [7/13/2009 7:19 PM 20992]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2/14/2011 6:17 PM 257344]
R2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 7:19 PM 20992]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [6/15/2010 1:10 AM 144672]
R2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys --> c:\windows\system32\drivers\peauth.sys [?]
R2 Power;Power;c:\windows\system32\svchost.exe -k DcomLaunch [7/13/2009 7:19 PM 20992]
R2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe -k netsvcs [7/13/2009 7:19 PM 20992]
R2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe -k RPCSS [7/13/2009 7:19 PM 20992]
R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe --> c:\windows\system32\sppsvc.exe [?]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [11/10/2011 7:49 AM 5890144]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 7:19 PM 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys --> c:\windows\system32\drivers\tcpipreg.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [11/18/2011 6:07 AM 2656280]
R2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [12/13/2009 10:19 PM 76320]
R2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 7:19 PM 20992]
R2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 7:19 PM 20992]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys --> c:\windows\system32\DRIVERS\afcdp.sys [?]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe -k netsvcs [7/13/2009 7:19 PM 20992]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys --> c:\windows\system32\drivers\AtihdW76.sys [?]
R3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys --> c:\windows\system32\DRIVERS\bowser.sys [?]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2/20/2013 5:45 PM 245760]
R3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys --> c:\windows\system32\drivers\CompositeBus.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys --> c:\windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys --> c:\windows\system32\Drivers\EtronXHCI.sys [?]
R3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe -k LocalService [7/13/2009 7:19 PM 20992]
R3 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/13/2009 7:19 PM 20992]
R3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [7/13/2009 7:19 PM 20992]
R3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe --> c:\windows\system32\lsass.exe [?]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys --> c:\windows\system32\drivers\MBfilt64.sys [?]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys --> c:\windows\system32\drivers\mpsdrv.sys [?]
R3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys --> c:\windows\system32\DRIVERS\mrxsmb10.sys [?]
R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys --> c:\windows\system32\DRIVERS\mrxsmb20.sys [?]
R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys --> c:\windows\system32\DRIVERS\nwifi.sys [?]
R3 netprofm;Network List Service;c:\windows\System32\svchost.exe -k LocalService [7/13/2009 7:19 PM 20992]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys --> c:\windows\system32\DRIVERS\AgileVpn.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys --> c:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys --> c:\windows\system32\DRIVERS\srv2.sys [?]
R3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys --> c:\windows\system32\DRIVERS\srvnet.sys [?]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys --> c:\windows\system32\DRIVERS\tunnel.sys [?]
R3 umbus;UMBus Enumerator Driver;c:\windows\system32\DRIVERS\umbus.sys --> c:\windows\system32\DRIVERS\umbus.sys [?]
R3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe -k LocalService [7/13/2009 7:19 PM 20992]
R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 7:19 PM 20992]
R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 7:19 PM 20992]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [3/18/2010 3:27 PM 138576]
S3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys --> c:\windows\system32\drivers\1394ohci.sys [?]
S3 a2acc;a2acc;c:\program files (x86)\Emsisoft Anti-Malware\a2accx64.sys [12/21/2011 5:58 PM 66320]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys --> c:\windows\system32\drivers\acpipmi.sys [?]
S3 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys --> c:\windows\system32\drivers\adp94xx.sys [?]
S3 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys --> c:\windows\system32\drivers\adpahci.sys [?]
S3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys --> c:\windows\system32\drivers\amdsata.sys [?]
S3 amdsbs;amdsbs;c:\windows\system32\drivers\amdsbs.sys --> c:\windows\system32\drivers\amdsbs.sys [?]
S3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys --> c:\windows\system32\drivers\appid.sys [?]
S3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/13/2009 7:19 PM 20992]
S3 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys --> c:\windows\system32\drivers\arcsas.sys [?]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\drivers\bxvbda.sys --> c:\windows\system32\drivers\bxvbda.sys [?]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys --> c:\windows\system32\DRIVERS\b57nd60a.sys [?]
S3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [3/2/2011 1:23 AM 183560]
S3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe -k netsvcs [7/13/2009 7:19 PM 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\BrFiltLo.sys --> c:\windows\system32\drivers\BrFiltLo.sys [?]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\BrFiltUp.sys --> c:\windows\system32\drivers\BrFiltUp.sys [?]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\system32\Drivers\Brserid.sys --> c:\windows\system32\Drivers\Brserid.sys [?]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys --> c:\windows\system32\Drivers\BrSerWdm.sys [?]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys --> c:\windows\system32\Drivers\BrUsbMdm.sys [?]
S3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe -k netsvcs [7/13/2009 7:19 PM 20992]
S3 circlass;Consumer IR Devices;c:\windows\system32\drivers\circlass.sys --> c:\windows\system32\drivers\circlass.sys [?]
S3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [7/3/2013 7:39 AM 57032]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [11/18/2011 6:05 AM 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [11/18/2011 6:05 AM 79360]
S3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe -k defragsvc [7/13/2009 7:19 PM 20992]
S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\system32\drivers\dxgkrnl.sys --> c:\windows\system32\drivers\dxgkrnl.sys [?]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\drivers\evbda.sys --> c:\windows\system32\drivers\evbda.sys [?]
S3 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys --> c:\windows\system32\drivers\elxstor.sys [?]
S3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys --> c:\windows\system32\drivers\filetrace.sys [?]
S3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys --> c:\windows\system32\drivers\FsDepends.sys [?]
S3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [10/12/2010 1:59 PM 206072]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys --> c:\windows\system32\drivers\hcw85cir.sys [?]
S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 7:19 PM 20992]
S3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys --> c:\windows\system32\drivers\HpSAMD.sys [?]
S3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys --> c:\windows\system32\drivers\iaStorV.sys [?]
S3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 7:19 PM 20992]
S3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys --> c:\windows\system32\drivers\IPMIDrv.sys [?]
S3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys --> c:\windows\system32\drivers\msiscsi.sys [?]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [7/13/2009 7:19 PM 20992]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe -k LocalService [7/13/2009 7:19 PM 20992]
S3 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys --> c:\windows\system32\drivers\lsi_fc.sys [?]
S3 LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys --> c:\windows\system32\drivers\lsi_sas.sys [?]
S3 LSI_SAS2;LSI_SAS2;c:\windows\system32\drivers\lsi_sas2.sys --> c:\windows\system32\drivers\lsi_sas2.sys [?]
S3 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys --> c:\windows\system32\drivers\lsi_scsi.sys [?]
S3 megasas;megasas;c:\windows\system32\drivers\megasas.sys --> c:\windows\system32\drivers\megasas.sys [?]
S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys --> c:\windows\system32\DRIVERS\monitor.sys [?]
S3 mpio;mpio;c:\windows\system32\drivers\mpio.sys --> c:\windows\system32\drivers\mpio.sys [?]
S3 msahci;msahci;c:\windows\system32\drivers\msahci.sys --> c:\windows\system32\drivers\msahci.sys [?]
S3 msdsm;msdsm;c:\windows\system32\drivers\msdsm.sys --> c:\windows\system32\drivers\msdsm.sys [?]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\system32\drivers\mshidkmdf.sys --> c:\windows\system32\drivers\mshidkmdf.sys [?]
S3 MsRPC;MsRPC;c:\windows\system32\drivers\MsRPC.sys --> c:\windows\system32\drivers\MsRPC.sys [?]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\drivers\MTConfig.sys --> c:\windows\system32\drivers\MTConfig.sys [?]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys --> c:\windows\system32\DRIVERS\ndiscap.sys [?]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys --> c:\windows\system32\DRIVERS\netr28x.sys [?]
S3 netr7364;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys --> c:\windows\system32\DRIVERS\netr7364.sys [?]
S3 nfrd960;nfrd960;c:\windows\system32\drivers\nfrd960.sys --> c:\windows\system32\drivers\nfrd960.sys [?]
S3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys --> c:\windows\system32\drivers\nvstor.sys [?]
S3 PerfHost;Performance Counter DLL Host;c:\windows\SysWOW64\perfhost.exe [7/13/2009 7:11 PM 20992]
S3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [7/13/2009 7:19 PM 20992]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe -k LocalServicePeerNet [7/13/2009 7:19 PM 20992]
S3 ql2300;ql2300;c:\windows\system32\drivers\ql2300.sys --> c:\windows\system32\drivers\ql2300.sys [?]
S3 ql40xx;ql40xx;c:\windows\system32\drivers\ql40xx.sys --> c:\windows\system32\drivers\ql40xx.sys [?]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\drivers\rdpbus.sys --> c:\windows\system32\drivers\rdpbus.sys [?]
S3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys --> c:\windows\system32\DRIVERS\scfilter.sys [?]
S3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe -k netsvcs [7/13/2009 7:19 PM 20992]
S3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe -k SDRSVC [7/13/2009 7:19 PM 20992]
S3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/13/2009 7:19 PM 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys --> c:\windows\system32\drivers\sffp_mmc.sys [?]
S3 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys --> c:\windows\system32\drivers\sisraid4.sys [?]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys --> c:\windows\system32\DRIVERS\smb.sys [?]
S3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe -k LocalService [7/13/2009 7:19 PM 20992]
S3 stexstor;stexstor;c:\windows\system32\drivers\stexstor.sys --> c:\windows\system32\drivers\stexstor.sys [?]
S3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 7:19 PM 20992]
S3 TBS;TPM Base Services;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [7/13/2009 7:19 PM 20992]
S3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe -k LocalService [7/13/2009 7:19 PM 20992]
S3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [11/20/2010 11:24 PM 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys --> c:\windows\system32\DRIVERS\tssecsrv.sys [?]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys --> c:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys --> c:\windows\system32\drivers\TsUsbGD.sys [?]
S3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe --> c:\windows\system32\UI0Detect.exe [?]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys --> c:\windows\system32\drivers\uliagpkx.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys --> c:\windows\system32\Drivers\usbaapl64.sys [?]
S3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys --> c:\windows\system32\drivers\usbcir.sys [?]
S3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe --> c:\windows\system32\lsass.exe [?]
S3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys --> c:\windows\system32\drivers\vhdmp.sys [?]
S3 vsmraid;vsmraid;c:\windows\system32\drivers\vsmraid.sys --> c:\windows\system32\drivers\vsmraid.sys [?]
S3 vwifibus;Virtual WiFi Bus Driver;c:\windows\system32\DRIVERS\vwifibus.sys --> c:\windows\system32\DRIVERS\vwifibus.sys [?]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys --> c:\windows\system32\drivers\wacompen.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe --> c:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wbengine;Block Level Backup Engine Service;"c:\windows\system32\wbengine.exe" --> c:\windows\system32\wbengine.exe [?]
S3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe -k WbioSvcGroup [7/13/2009 7:19 PM 20992]
S3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [7/13/2009 7:19 PM 20992]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [7/13/2009 7:19 PM 20992]
S3 Wd;Wd;c:\windows\system32\drivers\wd.sys --> c:\windows\system32\drivers\wd.sys [?]
S3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe -k NetworkService [7/13/2009 7:19 PM 20992]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe -k netsvcs [7/13/2009 7:19 PM 20992]
S3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe -k WerSvcGroup [7/13/2009 7:19 PM 20992]
S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [7/13/2009 7:17 PM 19008]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [7/13/2009 7:19 PM 20992]
S3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [7/13/2009 7:19 PM 20992]
S3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [7/13/2009 7:19 PM 20992]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [7/13/2009 4:37 PM 89920]
S4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/13/2009 7:19 PM 20992]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [9/22/2010 9:10 PM 57184]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ       PLA
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch    REG_MULTI_SZ       Power PlugPlay DcomLaunch
wcssvc    REG_MULTI_SZ       WcsPlugInService
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
TermService
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
eventsystem
iprip
netman
wzcsvc
ip6fwhlp
WmdmPmSN
UxTuneUp
Appinfo
BDESVC
Browser
EapHost
hkmsvc
IKEEXT
MMCSS
ProfSvc
Schedule
seclogon
Themes
wercplsupport
Winmgmt
wuauserv
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
2009-07-14 01:14    278528    ----a-w-    c:\windows\System32\unregmp2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
2009-07-14 01:14    44544    ----a-w-    c:\windows\SysWOW64\rundll32.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 14:23]
.
2013-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000Core.job
- c:\users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-22 13:43]
.
2013-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000UA.job
- c:\users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-22 13:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ar5d55o2.default-1375386261874\
.
.
------- File Associations -------
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-09781095.sys
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
HKLM_ActiveSetup-{44BBA840-CC51-11CF-AAFA-00AA00B6015C} - c:\program files (x86)\Windows Mail\WinMail.exe OCInstallUserConfigOE
AddRemove-GetSavin - c:\users\Melanie\AppData\Local\getsavin\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-04 18:14
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != -1733372069, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != -1733303369, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files:
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-08-04  18:19:32 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-04 22:19
.
Pre-Run: 753,377,267,712 bytes free
Post-Run: 754,005,291,008 bytes free
.
- - End Of File - - 8C2379410EF7EB1185033D3D8569FC6C
D41D8CD98F00B204E9800998ECF8427E

Edited by melbb, 05 August 2013 - 12:05 PM.


#6 melbb

melbb
  • Topic Starter

  • Members
  • 194 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:36 PM

Posted 05 August 2013 - 12:14 PM

I did another TDSS scan and the file was slightly smaller, which was enough to attach it.


Attached Files


Edited by melbb, 05 August 2013 - 12:16 PM.


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:36 PM

Posted 05 August 2013 - 02:06 PM

How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 melbb

melbb
  • Topic Starter

  • Members
  • 194 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:36 PM

Posted 05 August 2013 - 03:24 PM

The same. I am not getting the conduit dll file error when the computer restarts. But I am still getting the popup video advertisements in the lower right corner of my browser and get several popups a day when I visit various websites (no correlation) to take surveys. And the fake firefox update popups.



#9 melbb

melbb
  • Topic Starter

  • Members
  • 194 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:36 PM

Posted 05 August 2013 - 03:29 PM

Oh, and if I want to do something like move a file to my desktop, I have started getting a popup saying "file access denied, you'll need to provide administrator permission to move this file". I click continue and then it asks me if I want to allow windows file operation to make changes to my computer and I click yes and then it moves the file. This is all new.



#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:36 PM

Posted 05 August 2013 - 04:43 PM

Oh, and if I want to do something like move a file to my desktop, I have started getting a popup saying "file access denied, you'll need to provide administrator permission to move this file". I click continue and then it asks me if I want to allow windows file operation to make changes to my computer and I click yes and then it moves the file. This is all new.

This is nothing to worry about.


Do you have a USB Flash Drive you can use?



#11 melbb

melbb
  • Topic Starter

  • Members
  • 194 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:36 PM

Posted 05 August 2013 - 06:35 PM

Oh, and if I want to do something like move a file to my desktop, I have started getting a popup saying "file access denied, you'll need to provide administrator permission to move this file". I click continue and then it asks me if I want to allow windows file operation to make changes to my computer and I click yes and then it moves the file. This is all new.

This is nothing to worry about.
Do you have a USB Flash Drive you can use?

But why is it happening now?

Yes, I have a flash drive.

Also wondering why ComboFix said in one of the windows during the scan that volsnap.sys was infected. Just wondering what is going on here.

#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:36 PM

Posted 06 August 2013 - 05:29 PM

But why is it happening now?

It is happening because when ComboFix runs it puts permissions back to the way they were when you first got your computer. It's called User Account Control. Here is how you disable it.


It was infected and probably fixed. We are dealing with a ZeroAccess Rootkit infection. These are sometimes very difficult and time-consuming to remove. This is why I am now going to try a different tool and see what it can tell me. Thus the need for the USB flash drive.


For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.





#13 melbb

melbb
  • Topic Starter

  • Members
  • 194 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:36 PM

Posted 06 August 2013 - 07:05 PM

Here is the log.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-08-2013
Ran by SYSTEM on 06-08-2013 19:55:58
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [THXCfg64] - C:\Windows\system32\THXCfg64.dll [18432 2010-07-26] (Creative Technology Ltd.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-29] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403096 2011-11-10] (Acronis)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-07] (COMODO)
HKLM\...\Run: [combofix] - C:\ComboFix\CF3068.3XE /c C:\ComboFix\Combobatch.bat [x]
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [289600 2011-02-14] (NTI Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1370624 2010-08-06] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5954016 2011-11-10] (Acronis)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Garmin Lifetime Updater] - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe [1466760 2012-06-04] (Garmin)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\IndexSearch.exe [46368 2010-06-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\pptd40nt.exe [29984 2010-06-14] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PDFViewer\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [RUNUPDATER] - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Updater\dlu1Aupr.exe [465728 2010-09-29] (Dell Inc.)
HKLM-x32\...\Run: [Dell 1355 MFP Launcher] - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Launcher\dlq1Alauncher.exe [976704 2011-01-28] ()
HKLM-x32\...\Run: [Dell 1355 MFP RUN] - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1ARun.exe [2481472 2010-09-29] (Dell)
HKLM-x32\...\Run: [StatusAutoRun] - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe [3789632 2011-01-28] (Dell Inc.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\Audrey\...\Run: [Google Update] - C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-22] (Google Inc.)
HKU\Audrey\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\Audrey\...\Run: [DownloadManager] - "C:\Program Files (x86)\Download Manager\DownloadManager.exe" /as [x]
HKU\Audrey\...\Run: [ConduitFloatingPlugin_dkjaldeegndmngnahlmdbfnejdobkmil] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3309758\plugins\TBVerifier.dll",RunConduitFloatingPlugin dkjaldeegndmngnahlmdbfnejdobkmil [x]
HKU\Audrey\...\Run: [ConduitFloatingPlugin_mfchmfgdaabgdjbcaophikcobddojjoe] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3298573\plugins\TBVerifier.dll",RunConduitFloatingPlugin mfchmfgdaabgdjbcaophikcobddojjoe [x]
HKU\Audrey\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe [814472 2013-06-12] (Adobe Systems Incorporated)
HKU\Audrey\...\RunOnce: [TopArcadeHits838] - cmd.exe /c rmdir "C:\Users\Melanie\AppData\Local\TopArcadeHits" /s /q [x]
HKU\Audrey\...\RunOnce: [TopArcadeHits350] - cmd.exe /c rmdir "C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\" /s /q [x]
HKU\Audrey\...\RunOnce: [TopArcadeHits851] - cmd.exe /c reg delete HKCU\Software\AppDataLow\Software\toparcadehitsconfig /f [x]
HKU\Audrey\...\RunOnce: [TopArcadeHits706] - C:\Users\Audrey\AppData\Local\Google\Chrome\Application\chrome.exe -uninstall-extension=gpdgdlcjhlbaphcjmagicjhhgfnkiihp [x]
HKU\Audrey\...\RunOnce: [TopArcadeHits893] - cmd.exe /c rmdir "C:\Users\Melanie\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}" /s /q [x]
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\Kirk\...\Run: [Google Update] - C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-22] (Google Inc.)
HKU\Kirk\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\Kirk\...\Run: [DownloadManager] - "C:\Program Files (x86)\Download Manager\DownloadManager.exe" /as [x]
HKU\Kirk\...\Run: [ConduitFloatingPlugin_dkjaldeegndmngnahlmdbfnejdobkmil] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3309758\plugins\TBVerifier.dll",RunConduitFloatingPlugin dkjaldeegndmngnahlmdbfnejdobkmil [x]
HKU\Kirk\...\Run: [ConduitFloatingPlugin_mfchmfgdaabgdjbcaophikcobddojjoe] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3298573\plugins\TBVerifier.dll",RunConduitFloatingPlugin mfchmfgdaabgdjbcaophikcobddojjoe [x]
HKU\Kirk\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe [814472 2013-06-12] (Adobe Systems Incorporated)
HKU\Kirk\...\RunOnce: [Application Restart #0] - C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Apl.exe [3789632 2011-01-28] (Dell Inc.)
HKU\Melanie\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll [301264 2012-11-07] (COMODO)

==================== Services (Whitelisted) =================

S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2938408 2013-07-03] (Emsisoft GmbH)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-07] (COMODO)
S2 DLNADB; C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\Status Monitor\dlp1Adb.exe [90432 2011-01-28] ()
S2 NMSAccess; C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe [45056 2005-12-07] ()
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [257344 2011-02-14] (NTI Corporation)
S2 PDFProFiltSrvPP; C:\Program Files (x86)\Dell Printers\Dell 1355 Multifunction Color Printer\PaperPort\PDFProFiltSrvPP.exe [144672 2010-06-14] (Nuance Communications, Inc.)
S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-10-09] (Emsisoft GmbH)
S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-10-09] (Emsisoft GmbH)
S1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-04-01] (Emsisoft GmbH)
S1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-04-01] (Emsisoft GmbH)
S1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [44688 2012-10-09] (Emsisoft GmbH)
S1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [44688 2012-10-09] (Emsisoft GmbH)
S1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-04-01] (Emsisoft GmbH)
S1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-04-01] (Emsisoft GmbH)
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-07-03] (Emsisoft GmbH)
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-07-03] (Emsisoft GmbH)
S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [22736 2012-11-07] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-07] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-07] (COMODO)
S0 EnumProcessesDriver; C:\Windows\System32\drivers\EnumProcessesDriver.sys [20080 2012-03-02] ()
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-07] (COMODO)
S0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2011-12-22] (Acronis)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVCx32: eventsystem -> C:\Windows\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: iprip -> No ServiceDLL Path.
NETSVCx32: netman -> C:\Windows\SysWOW64\netman.dll ==> No File.
NETSVCx32: wzcsvc -> No ServiceDLL Path.
NETSVCx32: ip6fwhlp -> No ServiceDLL Path.
NETSVCx32: WmdmPmSN -> No ServiceDLL Path.
NETSVCx32: Appinfo -> C:\Windows\SysWOW64\appinfo.dll ==> No File.
NETSVCx32: BDESVC -> C:\Windows\SysWOW64\bdesvc.dll ==> No File.
NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll ==> No File.
NETSVCx32: EapHost -> C:\Windows\SysWOW64\eapsvc.dll ==> No File.
NETSVCx32: hkmsvc -> C:\Windows\SysWOW64\kmsvc.dll ==> No File.
NETSVCx32: IKEEXT -> C:\Windows\SysWOW64\ikeext.dll ==> No File.
NETSVCx32: MMCSS -> C:\Windows\SysWOW64\mmcss.dll ==> No File.
NETSVCx32: ProfSvc -> C:\Windows\SysWOW64\profsvc.dll ==> No File.
NETSVCx32: seclogon -> %windir%\SysWOW64\seclogon.dll ==> No File.
NETSVCx32: wercplsupport -> C:\Windows\SysWOW64\wercplsupport.dll ==> No File.

==================== One Month Created Files and Folders ========

2013-08-06 15:37 - 2013-08-06 15:37 - 01788943 _____ (Farbar) C:\Users\Melanie\Downloads\FRST64.exe
2013-08-04 14:19 - 2013-08-04 14:19 - 00050506 _____ C:\Users\Melanie\Desktop\ComboFix.txt
2013-08-04 14:13 - 2013-08-04 14:13 - 00000000 ____D C:\Device
2013-08-04 13:29 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-04 13:29 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-04 13:29 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-04 13:29 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-04 13:29 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-04 13:29 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-04 13:29 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-04 13:26 - 2013-08-04 14:19 - 00000000 ____D C:\Qoobox
2013-08-04 13:26 - 2013-08-04 14:17 - 00000000 ____D C:\Windows\erdnt
2013-08-04 13:21 - 2013-08-04 13:21 - 05099708 ____R (Swearware) C:\Users\Melanie\Desktop\ComboFix.exe
2013-08-04 13:09 - 2013-08-04 13:09 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Melanie\Desktop\tdsskiller.exe
2013-08-04 13:06 - 2013-08-04 13:06 - 00002785 _____ C:\Users\Melanie\Desktop\RKreport[0]_D_08042013_170653.txt
2013-08-03 10:18 - 2013-08-03 10:18 - 00001490 _____ C:\AdwCleaner[S4].txt
2013-08-03 10:16 - 2013-08-03 10:16 - 00916992 _____ C:\Users\Melanie\Desktop\RogueKiller.exe
2013-08-03 10:15 - 2013-08-03 10:15 - 00666633 _____ C:\Users\Melanie\Desktop\adwcleaner.exe
2013-08-02 12:09 - 2013-08-02 12:09 - 00688992 ____R (Swearware) C:\Users\Melanie\Desktop\dds.com
2013-08-01 11:58 - 2013-08-01 11:59 - 00003299 _____ C:\AdwCleaner[S3].txt
2013-08-01 11:58 - 2013-08-01 11:58 - 00666633 _____ C:\Users\Melanie\Downloads\AdwCleaner(1).exe
2013-08-01 11:51 - 2013-08-01 11:51 - 00001921 _____ C:\Users\Public\Desktop\Cheetah DVD Burner.lnk
2013-08-01 11:51 - 2011-01-25 16:31 - 06088192 _____ C:\Windows\SysWOW64\vid_trans2.dll
2013-08-01 11:51 - 2011-01-25 16:31 - 00909312 _____ (Viscom Software www.viscomsoft.com) C:\Windows\SysWOW64\viscommpgadec.dll
2013-08-01 11:51 - 2011-01-25 16:31 - 00731136 _____ C:\Windows\SysWOW64\vid_format2.dll
2013-08-01 11:51 - 2011-01-25 16:31 - 00438272 _____ (Viscom Software www.viscomsoft.com) C:\Windows\SysWOW64\viscommpgdec.dll
2013-08-01 11:51 - 2011-01-25 16:31 - 00372736 _____ (Viscom Software www.viscomsoft.com) C:\Windows\SysWOW64\viscomsplitter.dll
2013-08-01 11:51 - 2011-01-25 16:31 - 00266240 _____ (Viscom Software www.viscomsoft.com) C:\Windows\SysWOW64\VideoEdit.ocx
2013-08-01 11:51 - 2011-01-25 16:31 - 00221696 _____ C:\Windows\SysWOW64\vid_conv2.dll
2013-08-01 11:51 - 2011-01-25 16:31 - 00212992 _____ (Viscom Software www.viscomsoft.com) C:\Windows\SysWOW64\viscomflvdec.dll
2013-08-01 11:51 - 2011-01-25 16:31 - 00075264 _____ C:\Windows\SysWOW64\vid_core2.dll
2013-08-01 11:51 - 2011-01-25 16:31 - 00069560 _____ C:\Windows\SysWOW64\vid_multi2.dll
2013-08-01 11:51 - 2009-10-09 11:33 - 00335872 _____ (Viscom Software www.viscomsoft.com) C:\Windows\SysWOW64\dvdauthor.ocx
2013-08-01 11:51 - 2009-06-23 17:39 - 00086016 _____ (Viscom Software www.viscomsoft.com) C:\Windows\SysWOW64\viscomframe.dll
2013-08-01 11:51 - 2009-02-20 14:24 - 00135168 _____ (Viscom Software www.viscomsoft.com) C:\Windows\SysWOW64\viscomrmencoder.dll
2013-08-01 11:51 - 2009-01-09 19:53 - 00339968 _____ (Viscom Software www.viscomsoft.com) C:\Windows\SysWOW64\viscomqtde.dll
2013-08-01 11:51 - 2008-11-09 19:20 - 00159744 _____ C:\Windows\SysWOW64\viscomtran.dll
2013-08-01 11:51 - 2008-11-01 10:20 - 01470464 _____ (Viscom Software www.viscomsoft.com) C:\Windows\SysWOW64\viscommpgenc.dll
2013-08-01 11:51 - 2008-08-09 02:07 - 00098304 _____ (Viscom Software) C:\Windows\SysWOW64\viscomaudiodata.dll
2013-08-01 11:51 - 2008-07-30 02:23 - 02078952 _____ (Rocket Division Software) C:\Windows\SysWOW64\starburnx.dll
2013-08-01 11:51 - 2008-07-30 02:19 - 00054612 _____ C:\Windows\SysWOW64\starburnx.tlb
2013-08-01 11:51 - 2008-05-12 12:27 - 00172032 _____ C:\Windows\SysWOW64\viscomgifenc.dll
2013-08-01 11:51 - 2008-04-17 06:14 - 00233472 _____ (Viscom Software www.viscomsoft.com) C:\Windows\SysWOW64\viscomdvdimg.dll
2013-08-01 11:51 - 2007-08-08 23:26 - 00028160 _____ C:\Windows\SysWOW64\img_utils.dll
2013-08-01 11:51 - 2007-08-08 23:25 - 00154624 _____ C:\Windows\SysWOW64\imgscaler.dll
2013-08-01 11:51 - 2007-06-28 02:43 - 00143360 _____ (Viscom Software www.viscomsoft.com) C:\Windows\SysWOW64\viscomqtenc.dll
2013-08-01 11:51 - 2007-02-27 03:13 - 06963712 _____ C:\Windows\SysWOW64\videotrans.dll
2013-08-01 11:51 - 2007-02-27 03:13 - 00452608 _____ C:\Windows\SysWOW64\videoformat.dll
2013-08-01 11:51 - 2007-02-27 03:13 - 00019456 _____ C:\Windows\SysWOW64\videocore.dll
2013-08-01 11:51 - 2006-12-05 12:19 - 00110592 _____ (Viscom Software) C:\Windows\SysWOW64\viscomaudioencoder.dll
2013-08-01 11:51 - 2006-11-06 11:30 - 00262144 _____ C:\Windows\SysWOW64\lame_enc.dll
2013-08-01 11:51 - 2003-08-19 15:31 - 00081920 _____ (Viscom Software) C:\Windows\SysWOW64\viscomwave.dll
2013-08-01 11:48 - 2013-08-01 11:49 - 20190120 _____ (Cheetah Websites Corporation) C:\Users\Melanie\Downloads\CheetahDVDBurner.exe
2013-08-01 11:32 - 2013-08-01 11:32 - 00000000 ____D C:\Users\Melanie\AppData\Local\COMODO
2013-08-01 11:18 - 2013-08-01 11:51 - 00000000 ____D C:\Program Files (x86)\FrostWire 5
2013-08-01 11:14 - 2013-08-01 11:27 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2013-07-26 02:31 - 2013-07-26 02:37 - 03562102 _____ C:\Users\Kirk\Desktop\websiite figure idea_07232013_c.pptx
2013-07-26 02:00 - 2013-07-26 02:00 - 01147940 _____ C:\Users\Kirk\Desktop\website photo collage_correct color.psd
2013-07-24 19:50 - 2013-07-24 19:50 - 04529065 _____ C:\Users\Kirk\Desktop\sepsis.pptx
2013-07-24 18:49 - 2013-07-24 19:50 - 00000000 ____D C:\Users\Kirk\Desktop\sepsis
2013-07-23 19:58 - 2013-07-23 20:18 - 00512548 _____ C:\Users\Kirk\Desktop\website photo collage2.psd
2013-07-23 19:49 - 2013-07-23 20:24 - 03995327 _____ C:\Users\Kirk\Desktop\websiite figure idea_07232013_b.pptx
2013-07-23 19:20 - 2013-07-23 19:20 - 00853545 _____ C:\Users\Kirk\Desktop\website photo collage.psd
2013-07-23 18:27 - 2013-07-26 02:31 - 03561931 _____ C:\Users\Kirk\Desktop\websiite figure idea_07232013.pptx
2013-07-22 18:59 - 2013-07-22 18:59 - 02057216 _____ C:\Users\Kirk\Desktop\metabolites.dsv
2013-07-22 18:07 - 2013-07-22 18:07 - 00000000 ____D C:\Users\Kirk\AppData\Local\Accelrys
2013-07-18 21:41 - 2013-07-18 21:41 - 34702513 _____ (inkscape.org) C:\Users\Kirk\Downloads\inkscape-0.48.4-1-win32.exe
2013-07-18 21:20 - 2013-07-22 19:35 - 03211047 _____ C:\Users\Kirk\Desktop\websiite figure idea_todays flavor.pptx
2013-07-18 20:57 - 2013-07-18 21:21 - 00101374 _____ C:\Users\Kirk\Desktop\Untitled-1.psd
2013-07-17 18:24 - 2013-07-23 20:17 - 04176056 _____ C:\Users\Kirk\Desktop\websiite figure idea.pptx
2013-07-16 21:24 - 2013-07-16 21:25 - 00050830 _____ C:\Users\Kirk\Desktop\landscape.pptx
2013-07-16 20:56 - 2013-07-16 20:56 - 12941791 _____ C:\Users\Kirk\Desktop\web brief bioprocessing.pptx
2013-07-10 18:22 - 2013-07-11 19:16 - 00012839 _____ C:\Users\Kirk\Desktop\microbime table.xlsx
2013-07-09 23:07 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-09 23:07 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-09 23:07 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-09 23:07 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-09 23:07 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-09 23:07 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-09 23:07 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-09 23:07 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-09 23:07 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-09 23:07 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-09 23:07 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-09 23:07 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-09 23:07 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-09 23:07 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-09 23:07 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-09 23:07 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-09 23:07 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-09 23:07 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-09 23:07 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-09 23:07 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-09 23:07 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-09 23:07 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-09 23:07 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-09 23:07 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-09 23:07 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-09 23:07 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-09 23:07 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-09 23:07 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-09 23:07 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-09 23:07 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-09 23:07 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-09 21:04 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-09 21:04 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-09 21:04 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-09 21:04 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-09 21:04 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-09 21:04 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-09 21:04 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-06 19:55 - 2013-08-06 19:55 - 00000000 ____D C:\FRST
2013-08-06 15:50 - 2013-01-30 16:13 - 00005140 _____ C:\Windows\setupact.log
2013-08-06 15:50 - 2011-12-21 15:01 - 01474832 _____ C:\Windows\System32\Drivers\sfi.dat
2013-08-06 15:50 - 2011-12-21 13:58 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-08-06 15:50 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-06 15:47 - 2011-11-18 01:56 - 01190420 _____ C:\Windows\WindowsUpdate.log
2013-08-06 15:39 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-06 15:38 - 2012-01-23 13:59 - 00000000 ____D C:\Users\Melanie\AppData\Roaming\.oit
2013-08-06 15:37 - 2013-08-06 15:37 - 01788943 _____ (Farbar) C:\Users\Melanie\Downloads\FRST64.exe
2013-08-06 15:23 - 2012-08-16 06:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-06 14:57 - 2011-12-22 05:43 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000UA.job
2013-08-06 13:57 - 2011-12-22 05:43 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000Core.job
2013-08-05 13:12 - 2011-12-21 12:35 - 00000000 ____D C:\users\Melanie
2013-08-05 13:09 - 2011-12-21 13:07 - 00000000 ____D C:\Users\Melanie\Documents\WePrint
2013-08-05 09:14 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-05 09:14 - 2009-07-13 20:45 - 00016976 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-04 14:28 - 2011-12-22 04:28 - 00000000 ____D C:\Users\Melanie\Documents\Resumes
2013-08-04 14:19 - 2013-08-04 14:19 - 00050506 _____ C:\Users\Melanie\Desktop\ComboFix.txt
2013-08-04 14:19 - 2013-08-04 13:26 - 00000000 ____D C:\Qoobox
2013-08-04 14:19 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2013-08-04 14:17 - 2013-08-04 13:26 - 00000000 ____D C:\Windows\erdnt
2013-08-04 14:14 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-08-04 14:13 - 2013-08-04 14:13 - 00000000 ____D C:\Device
2013-08-04 14:13 - 2013-01-30 16:13 - 00014512 _____ C:\Windows\PFRO.log
2013-08-04 14:13 - 2009-07-13 18:34 - 71303168 _____ C:\Windows\System32\config\SOFTWARE.bak
2013-08-04 14:13 - 2009-07-13 18:34 - 25165824 _____ C:\Windows\System32\config\SYSTEM.bak
2013-08-04 14:13 - 2009-07-13 18:34 - 00524288 _____ C:\Windows\System32\config\DEFAULT.bak
2013-08-04 14:13 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\SECURITY.bak
2013-08-04 14:13 - 2009-07-13 18:34 - 00262144 _____ C:\Windows\System32\config\SAM.bak
2013-08-04 13:21 - 2013-08-04 13:21 - 05099708 ____R (Swearware) C:\Users\Melanie\Desktop\ComboFix.exe
2013-08-04 13:09 - 2013-08-04 13:09 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Melanie\Desktop\tdsskiller.exe
2013-08-04 13:06 - 2013-08-04 13:06 - 00002785 _____ C:\Users\Melanie\Desktop\RKreport[0]_D_08042013_170653.txt
2013-08-03 10:18 - 2013-08-03 10:18 - 00001490 _____ C:\AdwCleaner[S4].txt
2013-08-03 10:16 - 2013-08-03 10:16 - 00916992 _____ C:\Users\Melanie\Desktop\RogueKiller.exe
2013-08-03 10:15 - 2013-08-03 10:15 - 00666633 _____ C:\Users\Melanie\Desktop\adwcleaner.exe
2013-08-02 12:09 - 2013-08-02 12:09 - 00688992 ____R (Swearware) C:\Users\Melanie\Desktop\dds.com
2013-08-01 12:14 - 2011-12-22 05:53 - 00000000 ____D C:\Users\Melanie\Desktop\New Photo Uploads
2013-08-01 12:01 - 2011-12-21 13:58 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-08-01 11:59 - 2013-08-01 11:58 - 00003299 _____ C:\AdwCleaner[S3].txt
2013-08-01 11:58 - 2013-08-01 11:58 - 00666633 _____ C:\Users\Melanie\Downloads\AdwCleaner(1).exe
2013-08-01 11:51 - 2013-08-01 11:51 - 00001921 _____ C:\Users\Public\Desktop\Cheetah DVD Burner.lnk
2013-08-01 11:51 - 2013-08-01 11:18 - 00000000 ____D C:\Program Files (x86)\FrostWire 5
2013-08-01 11:51 - 2011-04-15 01:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-01 11:49 - 2013-08-01 11:48 - 20190120 _____ (Cheetah Websites Corporation) C:\Users\Melanie\Downloads\CheetahDVDBurner.exe
2013-08-01 11:43 - 2013-04-01 13:38 - 00000000 ____D C:\Users\Melanie\AppData\Local\CRE
2013-08-01 11:32 - 2013-08-01 11:32 - 00000000 ____D C:\Users\Melanie\AppData\Local\COMODO
2013-08-01 11:27 - 2013-08-01 11:14 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2013-08-01 11:16 - 2011-12-22 05:12 - 00000000 ____D C:\Users\Melanie\AppData\Local\CrashDumps
2013-08-01 06:36 - 2012-01-02 09:34 - 00071784 _____ C:\Users\Audrey\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-31 12:59 - 2011-12-22 05:44 - 00002386 _____ C:\Users\Melanie\Desktop\Google Chrome.lnk
2013-07-26 02:37 - 2013-07-26 02:31 - 03562102 _____ C:\Users\Kirk\Desktop\websiite figure idea_07232013_c.pptx
2013-07-26 02:31 - 2013-07-23 18:27 - 03561931 _____ C:\Users\Kirk\Desktop\websiite figure idea_07232013.pptx
2013-07-26 02:00 - 2013-07-26 02:00 - 01147940 _____ C:\Users\Kirk\Desktop\website photo collage_correct color.psd
2013-07-24 20:11 - 2012-01-21 11:25 - 00000000 ____D C:\Users\Kirk\AppData\Local\CrashDumps
2013-07-24 19:50 - 2013-07-24 19:50 - 04529065 _____ C:\Users\Kirk\Desktop\sepsis.pptx
2013-07-24 19:50 - 2013-07-24 18:49 - 00000000 ____D C:\Users\Kirk\Desktop\sepsis
2013-07-23 20:24 - 2013-07-23 19:49 - 03995327 _____ C:\Users\Kirk\Desktop\websiite figure idea_07232013_b.pptx
2013-07-23 20:18 - 2013-07-23 19:58 - 00512548 _____ C:\Users\Kirk\Desktop\website photo collage2.psd
2013-07-23 20:17 - 2013-07-17 18:24 - 04176056 _____ C:\Users\Kirk\Desktop\websiite figure idea.pptx
2013-07-23 19:20 - 2013-07-23 19:20 - 00853545 _____ C:\Users\Kirk\Desktop\website photo collage.psd
2013-07-22 19:35 - 2013-07-18 21:20 - 03211047 _____ C:\Users\Kirk\Desktop\websiite figure idea_todays flavor.pptx
2013-07-22 18:59 - 2013-07-22 18:59 - 02057216 _____ C:\Users\Kirk\Desktop\metabolites.dsv
2013-07-22 18:07 - 2013-07-22 18:07 - 00000000 ____D C:\Users\Kirk\AppData\Local\Accelrys
2013-07-22 07:08 - 2011-12-22 04:27 - 00000000 ____D C:\Users\Melanie\Documents\Ebay
2013-07-18 21:41 - 2013-07-18 21:41 - 34702513 _____ (inkscape.org) C:\Users\Kirk\Downloads\inkscape-0.48.4-1-win32.exe
2013-07-18 21:21 - 2013-07-18 20:57 - 00101374 _____ C:\Users\Kirk\Desktop\Untitled-1.psd
2013-07-16 21:25 - 2013-07-16 21:24 - 00050830 _____ C:\Users\Kirk\Desktop\landscape.pptx
2013-07-16 20:56 - 2013-07-16 20:56 - 12941791 _____ C:\Users\Kirk\Desktop\web brief bioprocessing.pptx
2013-07-14 10:25 - 2011-12-22 04:30 - 00000000 ____D C:\Users\Melanie\Documents\RECIPES
2013-07-12 13:52 - 2011-12-22 05:43 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000UA
2013-07-12 13:52 - 2011-12-22 05:43 - 00003498 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2752660347-3678198734-3739959177-1000Core
2013-07-11 19:16 - 2013-07-10 18:22 - 00012839 _____ C:\Users\Kirk\Desktop\microbime table.xlsx
2013-07-10 06:40 - 2013-05-23 07:58 - 00000000 ____D C:\Users\Melanie\Desktop\New folder
2013-07-09 23:31 - 2009-07-13 20:45 - 00326128 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-09 23:30 - 2013-03-12 23:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-09 23:30 - 2013-03-12 23:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-09 23:29 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-09 23:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-09 23:29 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-09 23:08 - 2011-12-23 09:43 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-09 23:02 - 2011-12-21 14:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-07 14:34 - 2012-06-07 14:03 - 00044032 _____ C:\Users\Melanie\Desktop\2013Worksheet.xls
2013-07-07 12:49 - 2011-12-22 04:29 - 00000000 ____D C:\Users\Melanie\Documents\Taxes

Files to move or delete:
====================
C:\Users\Melanie\dummy1.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-17 20:01:20
Restore point made on: 2013-07-24 21:04:26
Restore point made on: 2013-08-01 14:36:41
Restore point made on: 2013-08-04 13:30:14

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8172.28 MB
Available physical RAM: 7232.26 MB
Total Pagefile: 8170.48 MB
Available Pagefile: 7224.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:1381.17 GB) (Free:701.77 GB) NTFS (Disk=0 Partition=3)
Drive e: (PQSERVICE) (Fixed) (Total:16 GB) (Free:5.15 GB) NTFS (Disk=0 Partition=1)
Drive g: () (Removable) (Total:0.48 GB) (Free:0.28 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 92815A8C)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-716008587264) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 494 MB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=494 MB) - (Type=04)


LastRegBack: 2013-08-01 20:39

==================== End Of Log ============================



#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:36 PM

Posted 07 August 2013 - 05:36 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

HKU\Audrey\...\RunOnce: [TopArcadeHits838] - cmd.exe /c rmdir "C:\Users\Melanie\AppData\Local\TopArcadeHits" /s /q [x]
HKU\Audrey\...\RunOnce: [TopArcadeHits350] - cmd.exe /c rmdir "C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits\" /s /q [x]
HKU\Audrey\...\RunOnce: [TopArcadeHits851] - cmd.exe /c reg delete HKCU\Software\AppDataLow\Software\toparcadehitsconfig /f [x]
HKU\Audrey\...\RunOnce: [TopArcadeHits706] - C:\Users\Audrey\AppData\Local\Google\Chrome\Application\chrome.exe -uninstall-extension=gpdgdlcjhlbaphcjmagicjhhgfnkiihp [x]
HKU\Audrey\...\RunOnce: [TopArcadeHits893] - cmd.exe /c rmdir "C:\Users\Melanie\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}" /s /q [x]
HKU\Audrey\...\Run: [ConduitFloatingPlugin_dkjaldeegndmngnahlmdbfnejdobkmil] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3309758\plugins\TBVerifier.dll",RunConduitFloatingPlugin dkjaldeegndmngnahlmdbfnejdobkmil [x]
HKU\Audrey\...\Run: [ConduitFloatingPlugin_mfchmfgdaabgdjbcaophikcobddojjoe] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3298573\plugins\TBVerifier.dll",RunConduitFloatingPlugin mfchmfgdaabgdjbcaophikcobddojjoe [x]
HKU\Kirk\...\Run: [ConduitFloatingPlugin_dkjaldeegndmngnahlmdbfnejdobkmil] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3309758\plugins\TBVerifier.dll",RunConduitFloatingPlugin dkjaldeegndmngnahlmdbfnejdobkmil [x]
HKU\Kirk\...\Run: [ConduitFloatingPlugin_mfchmfgdaabgdjbcaophikcobddojjoe] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3298573\plugins\TBVerifier.dll",RunConduitFloatingPlugin mfchmfgdaabgdjbcaophikcobddojjoe [x]
C:\Users\Melanie\dummy1.dat

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Can you please tell me if you're still having problems with your browser? Is it in all your browsers, or just Firefox, Chrome or Internet Explorer?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
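The fixlist above removes leftover Run and RunOnce autostart values from two user hives (self-cleanup commands queued by an uninstaller, and Conduit toolbar DLLs loaded through Rundll32). The following PowerShell script is an added example, not part of FRST or of this thread: it enumerates the same per-user Run/RunOnce keys on a live system and flags command lines that resemble the entries listed in the fix. The function names (`Get-UserAutostart`, `Resolve-HiveName`) and the pattern list are my own choices; the registry paths are the standard ones that the fix targets.

```powershell
# Added example (not FRST's code): audit per-user Run/RunOnce autostart values
# under HKEY_USERS and flag command lines resembling the leftovers in the fix.
# Requires PowerShell 3 or later; run from an elevated prompt.

function Resolve-HiveName {
    # Map a SID key name under HKEY_USERS back to DOMAIN\User where possible.
    param([string]$Sid)
    try {
        $id = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $Sid
        return $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return $Sid   # orphaned profile or a manually loaded hive such as HKU\TempHive
    }
}

function Get-UserAutostart {
    # Patterns derived from the entries in the fix above (hypothetical list, extend as needed).
    $suspect = @(
        'cmd\.exe\s+/c\s+rmdir',         # folder self-cleanup queued in RunOnce
        'cmd\.exe\s+/c\s+reg\s+delete',  # registry self-cleanup queued in RunOnce
        '-uninstall-extension=',         # browser extension removal queued at logon
        'Rundll32\.exe.*\\Conduit\\'     # toolbar plugin DLL loaded through Rundll32
    )

    # Skip the .DEFAULT hive, the *_Classes hives and the built-in service SIDs.
    $skip  = @('.DEFAULT', 'S-1-5-18', 'S-1-5-19', 'S-1-5-20')
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -notmatch '_Classes$' -and $_.PSChildName -notin $skip }

    foreach ($hive in $hives) {
        $sid = $hive.PSChildName
        foreach ($keyName in 'Run', 'RunOnce') {
            $path = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\$keyName"
            if (-not (Test-Path -Path $path)) { continue }
            $key = Get-Item -Path $path
            foreach ($valueName in $key.GetValueNames()) {
                $cmd = [string]$key.GetValue($valueName)
                # -match is case-insensitive, so "rundll32.exe" is matched as well.
                $hit = $suspect | Where-Object { $cmd -match $_ } | Select-Object -First 1
                $flag = if ($hit) { "matches /$hit/" } else { '' }
                [pscustomobject]@{
                    User    = Resolve-HiveName -Sid $sid
                    Key     = $keyName
                    Name    = $valueName
                    Command = $cmd
                    Flag    = $flag
                }
            }
        }
    }
}

Get-UserAutostart | Format-Table -Property User, Key, Name, Flag, Command -AutoSize -Wrap
```

Only hives that are currently loaded appear under HKEY_USERS, so the profiles of users who are not logged on (Audrey and Kirk in this thread) are invisible to the script; FRST sidesteps that by reading the hives from disk in the recovery environment. To inspect one such profile from a live session, load its hive with `reg load HKU\TempHive C:\Users\<name>\NTUSER.DAT`, rerun the script (the loaded hive shows up under its temporary name), then release it with `reg unload HKU\TempHive`. A flagged entry is a lead, not a verdict: an `[x]` in the FRST listing means the referenced file or folder no longer exists, which is exactly the state these leftover RunOnce values were in.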


#15 melbb

melbb
  • Topic Starter

  • Members
  • 194 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:36 PM

Posted 07 August 2013 - 07:40 PM

I haven't used other browsers. I can explore that when I get a chance. I am still getting the popups for surveys and bogus security risks, and the fake Firefox update window. Seem to be getting fewer of the advertisement videos, but still getting them.

Here is the log:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-08-2013
Ran by SYSTEM at 2013-08-07 20:36:45 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

HKU\Audrey\Software\Microsoft\Windows\CurrentVersion\RunOnce\\TopArcadeHits838 => Value deleted successfully.
HKU\Audrey\Software\Microsoft\Windows\CurrentVersion\RunOnce\\TopArcadeHits350 => Value deleted successfully.
HKU\Audrey\Software\Microsoft\Windows\CurrentVersion\RunOnce\\TopArcadeHits851 => Value deleted successfully.
HKU\Audrey\Software\Microsoft\Windows\CurrentVersion\RunOnce\\TopArcadeHits706 => Value deleted successfully.
HKU\Audrey\Software\Microsoft\Windows\CurrentVersion\RunOnce\\TopArcadeHits893 => Value deleted successfully.
HKU\Audrey\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_dkjaldeegndmngnahlmdbfnejdobkmil => Value deleted successfully.
HKU\Audrey\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_mfchmfgdaabgdjbcaophikcobddojjoe => Value deleted successfully.
HKU\Kirk\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_dkjaldeegndmngnahlmdbfnejdobkmil => Value deleted successfully.
HKU\Kirk\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_mfchmfgdaabgdjbcaophikcobddojjoe => Value deleted successfully.
C:\Users\Melanie\dummy1.dat => Moved successfully.

==== End of Fixlog ====


Edited by melbb, 07 August 2013 - 07:49 PM.