Cashmann
Members
Posts: 8
Reputation: 0 Neutral

  1. Mr. C.... I just did about 15 random searches with no misdirected searches; what I searched for is what came up. Also, it appears that the computer is slightly faster. So, it appears that her computer is functioning correctly. Do I need to update anything? Java, Flash Player, etc. I am suggesting that she no longer use Internet Explorer, and she is now using Google Chrome. I need to check to see if there are any Windows 7 updates; I didn't want to do that till we got rid of the virus/trojan horses. Do I also need to remove the diagnostic programs I downloaded? She spends a lot of time on Facebook/FarmVille. Do you suggest any extra precautions? One other note: along with Malwarebytes and AVG Antivirus, I have the Windows 7 firewall turned on. Is that sufficient? Thanks again..... Darryl
  2. Let me repost the ComboFix report and Malwarebytes report again......

     COMBOFIX REPORT:

     ComboFix 12-03-02.01 - Darlene 03/03/2012 12:02:18.1.2 - x64
     Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2942.1982 [GMT -6:00]
     Running from: c:\users\Darlene\Desktop\ComboFix.exe
     AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
     SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
     SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\program files (x86)\LP
     c:\program files (x86)\LP\EF2A\36CF.tmp
     c:\program files (x86)\LP\EF2A\878B.tmp
     c:\program files (x86)\LP\EF2A\98BE.tmp
     c:\program files (x86)\LP\EF2A\AA96.tmp
     c:\programdata\~zCxZvAkflklsr3
     c:\programdata\~zCxZvAkflklsr3r
     c:\programdata\zCxZvAkflklsr3
     c:\users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
     .
     .
     2012-03-03 18:10 . 2012-03-03 18:10  --------  d-----w-  c:\users\Default\AppData\Local\temp
     2012-03-02 02:51 . 2012-03-02 02:51  --------  d-----w-  C:\TDSSKiller_Quarantine
     2012-02-27 03:23 . 2012-02-27 03:23  --------  d-----w-  c:\users\Darlene\New folder
     2012-02-27 00:41 . 2012-02-27 00:41  --------  d-----w-  c:\program files (x86)\alotappbar
     2012-02-27 00:41 . 2012-02-27 00:41  --------  d-----w-  c:\users\Darlene\AppData\Local\DownloadManager
     2012-02-27 00:41 . 2012-02-27 00:41  --------  d-----w-  c:\program files (x86)\Download Manager
     2012-02-26 17:14 . 2012-02-26 17:14  --------  d-----w-  c:\program files (x86)\Application Updater
     2012-02-26 17:14 . 2012-02-26 17:14  --------  d-----w-  c:\program files (x86)\IObit Toolbar
     2012-02-26 17:14 . 2012-02-26 17:14  --------  d-----w-  c:\program files (x86)\Common Files\Spigot
     2012-02-26 17:04 . 2012-02-26 17:04  --------  d-----w-  c:\programdata\IObit
     2012-02-26 17:04 . 2012-02-26 18:52  --------  d-----w-  c:\users\Darlene\AppData\Roaming\IObit
     2012-02-26 17:04 . 2012-02-26 17:13  --------  d-----w-  c:\program files (x86)\IObit
     2012-02-23 23:35 . 2012-02-23 23:35  --------  d-----w-  c:\program files\Google
     2012-02-23 23:34 . 2012-02-23 23:35  --------  d-----w-  c:\program files (x86)\Google
     2012-02-23 23:34 . 2012-02-23 23:34  --------  d-----w-  c:\windows\system32\Macromed
     2012-02-19 09:13 . 2012-02-19 09:13  --------  d-----w-  C:\$AVG
     2012-02-19 00:52 . 2012-01-04 09:58  509952    ----a-w-  c:\windows\system32\ntshrui.dll
     2012-02-19 00:52 . 2012-01-04 09:03  442880    ----a-w-  c:\windows\SysWow64\ntshrui.dll
     2012-02-19 00:52 . 2012-01-03 06:24  515584    ----a-w-  c:\windows\system32\timedate.cpl
     2012-02-19 00:52 . 2012-01-03 05:44  478208    ----a-w-  c:\windows\SysWow64\timedate.cpl
     2012-02-18 20:16 . 2012-02-18 20:16  --------  d-----w-  c:\users\Darlene\AppData\Roaming\AVG2012
     2012-02-18 20:15 . 2012-02-18 20:15  --------  d--h--w-  c:\programdata\Common Files
     2012-02-18 20:15 . 2012-02-18 20:15  --------  d-----w-  c:\windows\SysWow64\drivers\AVG
     2012-02-18 20:14 . 2012-03-03 14:14  --------  d-----w-  c:\windows\system32\drivers\AVG
     2012-02-18 20:14 . 2012-02-18 20:30  --------  d-----w-  c:\programdata\AVG2012
     2012-02-18 20:13 . 2012-02-18 20:13  --------  d-----w-  c:\program files (x86)\AVG
     2012-02-18 20:12 . 2012-03-03 14:14  --------  d-----w-  c:\programdata\MFAData
     2012-02-18 16:47 . 2011-12-10 21:24  23152     ----a-w-  c:\windows\system32\drivers\mbam.sys
     2012-02-18 16:46 . 2012-02-18 16:46  --------  d-----w-  c:\windows\SysWow64\Adobe
     2012-02-18 16:44 . 2012-02-18 16:44  --------  d-----w-  c:\program files (x86)\Common Files\Adobe
     2012-02-18 16:40 . 2012-02-18 16:40  --------  d-----w-  c:\program files\CCleaner
     2012-02-18 15:47 . 2012-01-06 05:15  8602168   ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6BDED63-7DCF-48C3-AAFC-D336D929D82C}\mpengine.dll
     2012-02-18 15:27 . 2012-02-18 15:43  --------  d-----w-  c:\users\Admin
     2012-02-17 14:22 . 2012-02-18 15:43  --------  d-----w-  c:\users\Darlene\AppData\Roaming\23954
     2012-02-17 14:21 . 2012-02-18 15:43  --------  d-----w-  c:\users\Darlene\AppData\Roaming\A0A23
     2012-02-17 05:15 . 2012-02-18 15:43  --------  d-----w-  c:\program files (x86)\23954
     2012-02-16 18:26 . 2012-02-16 18:26  6656      ----a-w-  c:\programdata\Microsoft\Windows\DRM\5A73.tmp
     2012-02-16 18:26 . 2012-02-16 18:26  6656      ----a-w-  c:\programdata\Microsoft\Windows\DRM\5A53.tmp
     2012-02-06 22:41 . 2005-05-26 21:34  3767504   ----a-w-  c:\windows\system32\d3dx9_26.dll
     2012-02-06 22:41 . 2005-05-26 21:34  2297552   ----a-w-  c:\windows\SysWow64\d3dx9_26.dll
     2012-02-06 22:39 . 2012-02-18 15:36  --------  d-----w-  c:\users\Public\Phantom EFX
     2012-02-06 19:58 . 2012-02-06 19:58  --------  d-----w-  c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
     2012-02-06 05:51 . 2012-02-06 05:51  --------  d-----w-  c:\windows\Sun
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-02-23 23:34 . 2011-08-17 17:46  414368    ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-01-31 00:47 . 2012-01-31 00:47  6656      ----a-w-  c:\programdata\Microsoft\Windows\DRM\BA72.tmp
     2012-01-31 00:47 . 2012-01-31 00:47  6656      ----a-w-  c:\programdata\Microsoft\Windows\DRM\BA61.tmp
     2012-01-27 06:52 . 2009-10-30 21:21  279656    ----a-w-  c:\windows\system32\MpSigStub.exe
     2011-12-07 23:17 . 2011-12-07 23:17  158056    ----a-w-  c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
     2012-02-15 17:47  48488  ----a-w-  c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
     .
     [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
     2009-06-08 21:41  120104  ----a-w-  c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
     .
     [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]
     2009-11-25 17:47  297808  ----a-w-  c:\windows\System32\mscoree.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
     "{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files (x86)\alotappbar\bin\ALOTHelper.dll" [2012-02-15 48488]
     .
     [HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
     "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-23 39408]
     "DownloadManager"="c:\program files (x86)\Download Manager\DownloadManager.exe" [2012-02-27 654336]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
     "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
     "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
     "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2008-09-18 967168]
     "SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-30 149280]
     "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
     "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
     "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
     "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
     "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-02-06 934240]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute  REG_MULTI_SZ  autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
     @="Service"
     .
     R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]
     R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
     R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
     R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]
     R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
     R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-06 21384]
     S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
     S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
     S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
     S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
     S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
     S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-02-06 748440]
     S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
     S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
     S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
     S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
     S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
     S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - WS2IFSL
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 23:34]
     .
     2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 23:34]
     .
     2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2792723376-3193599209-4087185376-1001Core.job
     - c:\users\Darlene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 15:37]
     .
     2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2792723376-3193599209-4087185376-1001UA.job
     - c:\users\Darlene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 15:37]
     .
     2012-02-23 c:\windows\Tasks\HPCeeScheduleForDarlene.job
     - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
     .
     2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job
     - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
     .
     .
     --------- x86-64 -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "LoadAppInit_DLLs"=0x0
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.pogo.com/
     uLocal Page = c:\windows\system32\blank.htm
     mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=AAF00B3001CCF4E800D9CE4A&src_id=30504&camp_id=3906&tb_version=1.1.3001.0(B)
     IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
     TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
     AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
     AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.10"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     "MSCurrentCountry"=dword:000000b5
     .
     [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
     c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
     c:\program files (x86)\Brownie\brpjp04a.exe
     .
     **************************************************************************
     .
     Completion time: 2012-03-03 12:20:38 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-03-03 18:20
     .
     Pre-Run: 429,059,964,928 bytes free
     Post-Run: 429,296,713,728 bytes free
     .
     - - End Of File - - F6F20D961E21F5CB877F61B0DA730DDB

     MALWAREBYTES REPORT:

     Malwarebytes Anti-Malware 1.60.1.1000
     www.malwarebytes.org

     Database version: v2012.03.03.07

     Windows 7 x64 NTFS
     Internet Explorer 8.0.7600.16385
     Darlene :: DARLENE-PC [administrator]

     3/3/2012 12:33:45 PM
     mbam-log-2012-03-03 (12-33-45).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 221859
     Time elapsed: 4 minute(s), 38 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Sorry for the confusion....... Darryl
  3. Somehow, some way, my comments at the end of the last post got put into the end of the Malwarebytes report!! I meant to say: Malwarebytes completed the quick scan with no objects detected, and also during the scan AVG Antivirus DID NOT pop up with any threats detected like it did before. Does this mean that it is clean???? Thanks so much for your help... Darryl
  4. Mr. C.... we were more fortunate than others in these last storms that had tornadoes; we suffered no damage in our area. ComboFix turned out to be a temperamental program. At first it would not run on the computer... not compatible with Windows 7. Re-downloaded it and it ran successfully. AVG Antivirus can only be turned off for a maximum of 15 minutes; during the ComboFix scan AVG turned itself back on. ComboFix completed the scan.... here is the report:
<div>[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]</div> <div>.</div> <div>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div> <div>"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]</div> <div>"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-23 39408]</div> <div>"DownloadManager"="c:\program files (x86)\Download Manager\DownloadManager.exe" [2012-02-27 654336]</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</div> <div>"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]</div> <div>"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]</div> <div>"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]</div> <div>"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2008-09-18 967168]</div> <div>"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-30 149280]</div> <div>"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]</div> <div>"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]</div> <div>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]</div> <div>"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]</div> <div>"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-02-06 934240]</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div> <div>"ConsentPromptBehaviorAdmin"= 5 (0x5)</div> <div>"ConsentPromptBehaviorUser"= 3 (0x3)</div> <div>"EnableUIADesktopToggle"= 0 (0x0)</div> <div>.</div> 
<div>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]</div> <div>"aux"=wdmaud.drv</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]</div> <div>BootExecute<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]</div> <div>@="Service"</div> <div>.</div> <div>R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]</div> <div>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]</div> <div>R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]</div> <div>R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]</div> <div>R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]</div> <div>R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]</div> <div>R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]</div> <div>R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]</div> <div>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]</div> <div>R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-06 21384]</div> 
<div>S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]</div> <div>S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]</div> <div>S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]</div> <div>S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]</div> <div>S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]</div> <div>S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-02-06 748440]</div> <div>S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]</div> <div>S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]</div> <div>S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]</div> <div>S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]</div> <div>S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]</div> <div>S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]</div> <div>.</div> <div>.</div> <div>--- Other Services/Drivers In Memory ---</div> <div>.</div> <div>*NewlyCreated* - WS2IFSL</div> <div>.</div> <div>Contents of the 'Scheduled Tasks' folder</div> <div>.</div> <div>2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div> <div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 23:34]</div> <div>.</div> <div>2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div> <div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 23:34]</div> <div>.</div> <div>2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2792723376-3193599209-4087185376-1001Core.job</div> <div>- c:\users\Darlene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 15:37]</div> 
<div>.</div> <div>2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2792723376-3193599209-4087185376-1001UA.job</div> <div>- c:\users\Darlene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 15:37]</div> <div>.</div> <div>2012-02-23 c:\windows\Tasks\HPCeeScheduleForDarlene.job</div> <div>- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]</div> <div>.</div> <div>2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job</div> <div>- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]</div> <div>.</div> <div>.</div> <div>--------- x86-64 -----------</div> <div>.</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div> <div>"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]</div> <div>"LoadAppInit_DLLs"=0x0</div> <div>.</div> <div>------- Supplementary Scan -------</div> <div>.</div> <div>uStart Page = hxxp://www.pogo.com/</div> <div>uLocal Page = c:\windows\system32\blank.htm</div> <div>mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt</div> <div>mLocal Page = c:\windows\SysWOW64\blank.htm</div> <div>uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=AAF00B3001CCF4E800D9CE4A&src_id=30504&camp_id=3906&tb_version=1.1.3001.0(B)</div> <div>IE: Google Sidewiki... 
- c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html</div> <div>TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100</div> <div>.</div> <div>- - - - ORPHANS REMOVED - - - -</div> <div>.</div> <div>Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe</div> <div>AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe</div> <div>AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe</div> <div>.</div> <div>.</div> <div>.</div> <div>--------------------- LOCKED REGISTRY KEYS ---------------------</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="FlashBroker"</div> <div>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]</div> <div>"Enabled"=dword:00000001</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="Shockwave Flash Object"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</div> 
<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"</div> <div>"ThreadingModel"="Apartment"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</div> <div>@="0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</div> <div>@="ShockwaveFlash.ShockwaveFlash.10"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</div> <div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</div> <div>@="1.0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div> <div>@="ShockwaveFlash.ShockwaveFlash"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="Macromedia Flash Factory Object"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"</div> <div>"ThreadingModel"="Apartment"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</div> <div>@="FlashFactory.FlashFactory.1"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div> <div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"</div> <div>.</div> 
<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</div> <div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</div> <div>@="1.0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div> <div>@="FlashFactory.FlashFactory"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]</div> <div>@Denied: (A 2) (Everyone)</div> <div>@="IFlashBroker4"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]</div> <div>@="{00020424-0000-0000-C000-000000000046}"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]</div> <div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div> <div>"Version"="1.0"</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</div> <div>@Denied: (A) (Users)</div> <div>@Denied: (A) (Everyone)</div> <div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div> <div>"BlindDial"=dword:00000000</div> <div>"MSCurrentCountry"=dword:000000b5</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]</div> <div>@Denied: (Full) (Everyone)</div> <div>.</div> <div>------------------------ Other Running Processes ------------------------</div> <div>.</div> <div>c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe</div> <div>c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE</div> <div>c:\program files (x86)\Brownie\brpjp04a.exe</div> <div>.</div> <div>**************************************************************************</div> <div>.</div> <div>Completion time: 2012-03-03 
12:20:38 - machine was rebooted</div> <div>ComboFix-quarantined-files.txt 2012-03-03 18:20</div> <div>.</div> <div>Pre-Run: 429,059,964,928 bytes free</div> <div>Post-Run: 429,296,713,728 bytes free</div> <div>.</div> <div>- - End Of File - - F6F20D961E21F5CB877F61B0DA730DDB</div> <div> </div> <div> </div> <div> </div> <div> </div> <div>Updated and ran Malwarebytes in quick scan mode...here is the report:</div> <div> </div> <div> </div> <div> <div>Malwarebytes Anti-Malware 1.60.1.1000</div> <div>www.malwarebytes.org</div> <div> </div> <div>Database version: v2012.03.03.07</div> <div> </div> <div>Windows 7 x64 NTFS</div> <div>Internet Explorer 8.0.7600.16385</div> <div>Darlene :: DARLENE-PC [administrator]</div> <div> </div> <div>3/3/2012 12:33:45 PM</div> <div>mbam-log-2012-03-03 (12-33-45).txt</div> <div> </div> <div>Scan type: Quick scan</div> <div>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</div> <div>Scan options disabled: P2P</div> <div>Objects scanned: 221859</div> <div>Time elapsed: 4 minute(s), 38 second(s)</div> <div> </div> <div>Memory Processes Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Memory Modules Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Keys Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Values Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Data Items Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Folders Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Files Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>(end)</div> <div> </div> </div> <div> </div> <div>Malwarebytes completed the quick scan with no objects detected and also during the scan AVG antivirus DID NOT pop up with any threats detected like it did before. 
Does this mean that it is clean????</div> <div> </div> <div>Thanks so much for your help...</div> <div> </div>
  5. Mr. C.....we live in Tennessee and are preparing for very severe weather this afternoon. Possible severe thunderstorms with long tracking tornadoes...can we put this on hold for a day or so? If everything is ok, I will be able to continue on this tomorrow (Saturday). If I find the time before the storms hit us, I will run combofix. Thanks Darryl
  6. Good Evening Mr. C. Thanks for getting back to me... I ran TDSSKiller as you suggested but the results did not quite come up as you described. The 2 threats detected were:
rootkit.boot.prihar.b   physical drive:\device\harddisk 0\dro   malware object, high risk   the default was....cure
tdss file system   physical drive:\device\harddisc\dro   suspicious object, medium risk   the default was....skip
I left the defaults as they were and continued with the instructions you posted. The computer rebooted with no problems....here is the TDSSKiller report:

20:38:30.0498 7620 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
20:38:30.0977 7620 ============================================================
20:38:30.0977 7620 Current date / time: 2012/03/01 20:38:30.0977
20:38:30.0977 7620 SystemInfo:
20:38:30.0977 7620
20:38:30.0977 7620 OS Version: 6.1.7600 ServicePack: 0.0
20:38:30.0977 7620 Product type: Workstation
20:38:30.0978 7620 ComputerName: DARLENE-PC
20:38:30.0978 7620 UserName: Darlene
20:38:30.0978 7620 Windows directory: C:\Windows
20:38:30.0978 7620 System windows directory: C:\Windows
20:38:30.0978 7620 Running under WOW64
20:38:30.0978 7620 Processor architecture: Intel x64
20:38:30.0978 7620 Number of processors: 2
20:38:30.0978 7620 Page size: 0x1000
20:38:30.0978 7620 Boot type: Normal boot
20:38:30.0978 7620 ============================================================
20:38:32.0294 7620 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:38:32.0299 7620 \Device\Harddisk0\DR0:
20:38:32.0299 7620 MBR used
20:38:32.0299 7620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:38:32.0299 7620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38D84000
20:38:32.0299 7620 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38DB6800, BlocksNum 0x15CF000
20:38:32.0398 7620 Initialize success
20:38:32.0398 7620 ============================================================
20:39:14.0277 6668 ============================================================
20:39:14.0277 6668 Scan started
20:39:14.0277 6668 Mode: Manual; SigCheck; TDLFS;
20:39:14.0277 6668 ============================================================
20:39:16.0208 6668 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:39:16.0532 6668 1394ohci - ok
20:39:16.0613 6668 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:39:16.0655 6668 ACPI - ok
20:39:16.0687 6668 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:39:16.0793 6668 AcpiPmi - ok
20:39:16.0834 6668 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:39:16.0881 6668 adp94xx - ok
20:39:16.0908 6668 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:39:16.0963 6668 adpahci - ok
20:39:16.0991 6668 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:39:17.0027 6668 adpu320 - ok
20:39:17.0095 6668 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
20:39:17.0192 6668 AFD - ok
20:39:17.0253 6668 AgereSoftModem (184e1ad35dbf9328add7d560a792e6e9) C:\Windows\system32\DRIVERS\agrsm64.sys
20:39:17.0397 6668 AgereSoftModem - ok
20:39:17.0435 6668 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:39:17.0465 6668 agp440 - ok
20:39:17.0503 6668 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:39:17.0532 6668 aliide - ok
20:39:17.0570 6668 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:39:17.0598 6668 amdide - ok
20:39:17.0628 6668 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:39:17.0695 6668 AmdK8 - ok
20:39:17.0735 6668 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:39:17.0792 6668 AmdPPM - ok
20:39:17.0839 6668 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
20:39:17.0870 6668 amdsata - ok
20:39:17.0915 6668 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:39:17.0950 6668 amdsbs - ok
20:39:17.0974 6668 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
20:39:18.0003 6668 amdxata - ok
20:39:18.0059 6668 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:39:18.0217 6668 AppID - ok
20:39:18.0308 6668 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:39:18.0339 6668 arc - ok
20:39:18.0370 6668 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:39:18.0402 6668 arcsas - ok
20:39:18.0545 6668 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:39:18.0730 6668 AsyncMac - ok
20:39:18.0767 6668 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:39:18.0795 6668 atapi - ok
20:39:18.0858 6668 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
20:39:18.0924 6668 AVGIDSDriver - ok
20:39:18.0949 6668 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
20:39:18.0973 6668 AVGIDSEH - ok
20:39:18.0994 6668 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
20:39:19.0018 6668 AVGIDSFilter - ok
20:39:19.0065 6668 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
20:39:19.0098 6668 Avgldx64 - ok
20:39:19.0115 6668 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
20:39:19.0142 6668 Avgmfx64 - ok
20:39:19.0168 6668 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
20:39:19.0192 6668 Avgrkx64 - ok
20:39:19.0216 6668 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
20:39:19.0255 6668 Avgtdia - ok
20:39:19.0332 6668 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:39:19.0424 6668 b06bdrv - ok
20:39:19.0460 6668 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:39:19.0528 6668 b57nd60a - ok
20:39:19.0601 6668 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:39:19.0727 6668 Beep - ok
20:39:19.0790 6668 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:39:19.0846 6668 blbdrive - ok
20:39:19.0894 6668 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
20:39:19.0988 6668 bowser - ok
20:39:20.0014 6668 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:39:20.0078 6668 BrFiltLo - ok
20:39:20.0098 6668 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:39:20.0140 6668 BrFiltUp - ok
20:39:20.0183 6668 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:39:20.0275 6668 Brserid - ok
20:39:20.0300 6668 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:39:20.0361 6668 BrSerWdm - ok
20:39:20.0405 6668 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:39:20.0476 6668 BrUsbMdm - ok
20:39:20.0507 6668 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:39:20.0558 6668 BrUsbSer - ok
20:39:20.0612 6668 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:39:20.0676 6668 BTHMODEM - ok
20:39:20.0732 6668 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:39:20.0850 6668 cdfs - ok
20:39:20.0927 6668 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:39:20.0982 6668 cdrom - ok
20:39:21.0039 6668 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:39:21.0105 6668 circlass - ok
20:39:21.0142 6668 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:39:21.0183 6668 CLFS - ok
20:39:21.0262 6668 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:39:21.0314 6668 CmBatt - ok
20:39:21.0334 6668 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:39:21.0362 6668 cmdide - ok
20:39:21.0430 6668 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
20:39:21.0550 6668 CNG - ok
20:39:21.0587 6668 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:39:21.0614 6668 Compbatt - ok
20:39:21.0639 6668 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:39:21.0704 6668 CompositeBus - ok
20:39:21.0755 6668 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:39:21.0783 6668 crcdisk - ok
20:39:21.0853 6668 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
20:39:21.0944 6668 DfsC - ok
20:39:21.0982 6668 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:39:22.0111 6668 discache - ok
20:39:22.0170 6668 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:39:22.0199 6668 Disk - ok
20:39:22.0253 6668 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:39:22.0311 6668 drmkaud - ok
20:39:22.0371 6668 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
20:39:22.0440 6668 DXGKrnl - ok
20:39:22.0557 6668 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:39:22.0731 6668 ebdrv - ok
20:39:22.0810 6668 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:39:22.0859 6668 elxstor - ok
20:39:22.0878 6668 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:39:22.0947 6668 ErrDev - ok
20:39:23.0002 6668 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:39:23.0116 6668 exfat - ok
20:39:23.0141 6668 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:39:23.0273 6668 fastfat - ok
20:39:23.0336 6668 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:39:23.0442 6668 fdc - ok
20:39:23.0494 6668 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:39:23.0526 6668 FileInfo - ok
20:39:23.0631 6668 FileMonitor (060cc45cecae2feaff9c8c52d8fafaa8) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
20:39:23.0658 6668 FileMonitor - ok
20:39:23.0681 6668 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:39:23.0831 6668 Filetrace - ok
20:39:23.0881 6668 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:39:23.0933 6668 flpydisk - ok
20:39:23.0983 6668 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:39:24.0021 6668 FltMgr - ok
20:39:24.0057 6668 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:39:24.0088 6668 FsDepends - ok
20:39:24.0105 6668 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:39:24.0134 6668 Fs_Rec - ok
20:39:24.0186 6668 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:39:24.0227 6668 fvevol - ok
20:39:24.0256 6668 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:39:24.0286 6668 gagp30kx - ok
20:39:24.0360 6668 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:39:24.0452 6668 hcw85cir - ok
20:39:24.0485 6668 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:39:24.0549 6668 HDAudBus - ok
20:39:24.0590 6668 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:39:24.0645 6668 HidBatt - ok
20:39:24.0682 6668 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:39:24.0779 6668 HidBth - ok
20:39:24.0810 6668 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:39:24.0872 6668 HidIr - ok
20:39:24.0944 6668 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:39:24.0995 6668 HidUsb - ok
20:39:25.0079 6668 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:39:25.0110 6668 HpSAMD - ok
20:39:25.0173 6668 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:39:25.0360 6668 HTTP - ok
20:39:25.0387 6668 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:39:25.0415 6668 hwpolicy - ok
20:39:25.0437 6668 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:39:25.0474 6668 i8042prt - ok
20:39:25.0529 6668 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
20:39:25.0574 6668 iaStorV - ok
20:39:25.0619 6668 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:39:25.0648 6668 iirsp - ok
20:39:25.0748 6668 IntcAzAudAddService (31c32bc56d85d109ebb0c526be5caca7) C:\Windows\system32\drivers\RTKVHD64.sys
20:39:25.0857 6668 IntcAzAudAddService - ok
20:39:25.0883 6668 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:39:25.0910 6668 intelide - ok
20:39:25.0953 6668 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:39:26.0008 6668 intelppm - ok
20:39:26.0056 6668 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:39:26.0243 6668 IpFilterDriver - ok
20:39:26.0280 6668 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:39:26.0336 6668 IPMIDRV - ok
20:39:26.0373 6668 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:39:26.0493 6668 IPNAT - ok
20:39:26.0528 6668 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:39:26.0599 6668 IRENUM - ok
20:39:26.0629 6668 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:39:26.0656 6668 isapnp - ok
20:39:26.0695 6668 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:39:26.0730 6668 iScsiPrt - ok
20:39:26.0798 6668 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:39:26.0828 6668 kbdclass - ok
20:39:26.0862 6668 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:39:26.0925 6668 kbdhid - ok
20:39:26.0974 6668 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
20:39:27.0004 6668 KSecDD - ok
20:39:27.0029 6668 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
20:39:27.0062 6668 KSecPkg - ok
20:39:27.0099 6668 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:39:27.0215 6668 ksthunk - ok
20:39:27.0284 6668 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:39:27.0397 6668 lltdio - ok
20:39:27.0456 6668 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:39:27.0488 6668 LSI_FC - ok
20:39:27.0515 6668 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:39:27.0548 6668 LSI_SAS - ok
20:39:27.0575 6668 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:39:27.0604 6668 LSI_SAS2 - ok
20:39:27.0632 6668 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:39:27.0663 6668 LSI_SCSI - ok
20:39:27.0705 6668 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:39:27.0819 6668 luafv - ok
20:39:27.0862 6668 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:39:27.0916 6668 megasas - ok
20:39:27.0950 6668 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:39:27.0989 6668 MegaSR - ok
20:39:28.0016 6668 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:39:28.0131 6668 Modem - ok
20:39:28.0208 6668 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:39:28.0268 6668 monitor - ok
20:39:28.0302 6668 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:39:28.0331 6668 mouclass - ok
20:39:28.0367 6668 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:39:28.0424 6668 mouhid - ok
20:39:28.0469 6668 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:39:28.0499 6668 mountmgr - ok
20:39:28.0525 6668 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:39:28.0559 6668 mpio - ok
20:39:28.0581 6668 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:39:28.0709 6668 mpsdrv - ok
20:39:28.0752 6668 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:39:28.0815 6668 MRxDAV - ok
20:39:28.0868 6668 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:39:28.0950 6668 mrxsmb - ok
20:39:28.0998 6668 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:39:29.0056 6668 mrxsmb10 - ok
20:39:29.0088 6668 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:39:29.0145 6668 mrxsmb20 - ok
20:39:29.0171 6668 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
20:39:29.0199 6668 msahci - ok
20:39:29.0232 6668 msdsm 
(8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 20:39:29.0264 6668 msdsm - ok 20:39:29.0326 6668 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 20:39:29.0422 6668 Msfs - ok 20:39:29.0439 6668 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 20:39:29.0559 6668 mshidkmdf - ok 20:39:29.0597 6668 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 20:39:29.0626 6668 msisadrv - ok 20:39:29.0662 6668 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 20:39:29.0778 6668 MSKSSRV - ok 20:39:29.0807 6668 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 20:39:29.0924 6668 MSPCLOCK - ok 20:39:29.0955 6668 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 20:39:30.0071 6668 MSPQM - ok 20:39:30.0107 6668 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 20:39:30.0154 6668 MsRPC - ok 20:39:30.0200 6668 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 20:39:30.0228 6668 mssmbios - ok 20:39:30.0254 6668 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 20:39:30.0375 6668 MSTEE - ok 20:39:30.0409 6668 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 20:39:30.0460 6668 MTConfig - ok 20:39:30.0498 6668 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 20:39:30.0528 6668 Mup - ok 20:39:30.0667 6668 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 20:39:30.0741 6668 NativeWifiP - ok 20:39:30.0795 6668 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 20:39:30.0861 6668 NDIS - ok 20:39:30.0895 6668 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 20:39:30.0991 6668 NdisCap - ok 20:39:31.0014 6668 NdisTapi 
(30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 20:39:31.0132 6668 NdisTapi - ok 20:39:31.0164 6668 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 20:39:31.0284 6668 Ndisuio - ok 20:39:31.0304 6668 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 20:39:31.0404 6668 NdisWan - ok 20:39:31.0426 6668 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 20:39:31.0538 6668 NDProxy - ok 20:39:31.0580 6668 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 20:39:31.0695 6668 NetBIOS - ok 20:39:31.0732 6668 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 20:39:31.0856 6668 NetBT - ok 20:39:31.0925 6668 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 20:39:31.0954 6668 nfrd960 - ok 20:39:31.0983 6668 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 20:39:32.0095 6668 Npfs - ok 20:39:32.0140 6668 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 20:39:32.0252 6668 nsiproxy - ok 20:39:32.0331 6668 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 20:39:32.0438 6668 Ntfs - ok 20:39:32.0470 6668 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 20:39:32.0565 6668 Null - ok 20:39:32.0860 6668 nvlddmkm (181b6e6f49f9f3ad05589b48e29ba167) C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:39:33.0385 6668 nvlddmkm - ok 20:39:33.0415 6668 NVNET (9c3024e48db4c98e50af7d8b72d0ef89) C:\Windows\system32\DRIVERS\nvmf6264.sys 20:39:33.0438 6668 NVNET - ok 20:39:33.0473 6668 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 20:39:33.0493 6668 nvraid - ok 20:39:33.0520 6668 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 20:39:33.0540 6668 nvstor - ok 20:39:33.0573 6668 nvstor64 
(6ba747b1a9297a6c0271700d12fdd495) C:\Windows\system32\DRIVERS\nvstor64.sys 20:39:33.0591 6668 nvstor64 - ok 20:39:33.0644 6668 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 20:39:33.0663 6668 nv_agp - ok 20:39:33.0692 6668 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 20:39:33.0745 6668 ohci1394 - ok 20:39:33.0790 6668 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 20:39:33.0826 6668 Parport - ok 20:39:33.0852 6668 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 20:39:33.0882 6668 partmgr - ok 20:39:33.0913 6668 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 20:39:33.0948 6668 pci - ok 20:39:33.0968 6668 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 20:39:33.0995 6668 pciide - ok 20:39:34.0031 6668 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 20:39:34.0068 6668 pcmcia - ok 20:39:34.0095 6668 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 20:39:34.0126 6668 pcw - ok 20:39:34.0164 6668 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 20:39:34.0279 6668 PEAUTH - ok 20:39:34.0384 6668 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 20:39:34.0498 6668 PptpMiniport - ok 20:39:34.0545 6668 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 20:39:34.0598 6668 Processor - ok 20:39:34.0659 6668 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 20:39:34.0773 6668 Psched - ok 20:39:34.0852 6668 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 20:39:34.0956 6668 ql2300 - ok 20:39:34.0991 6668 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 20:39:35.0023 6668 ql40xx - ok 20:39:35.0053 6668 QWAVEdrv 
(76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 20:39:35.0126 6668 QWAVEdrv - ok 20:39:35.0155 6668 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 20:39:35.0265 6668 RasAcd - ok 20:39:35.0298 6668 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 20:39:35.0422 6668 RasAgileVpn - ok 20:39:35.0456 6668 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:39:35.0573 6668 Rasl2tp - ok 20:39:35.0616 6668 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 20:39:35.0733 6668 RasPppoe - ok 20:39:35.0752 6668 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 20:39:35.0871 6668 RasSstp - ok 20:39:35.0917 6668 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 20:39:36.0039 6668 rdbss - ok 20:39:36.0083 6668 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 20:39:36.0145 6668 rdpbus - ok 20:39:36.0178 6668 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:39:36.0287 6668 RDPCDD - ok 20:39:36.0306 6668 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 20:39:36.0422 6668 RDPENCDD - ok 20:39:36.0459 6668 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 20:39:36.0553 6668 RDPREFMP - ok 20:39:36.0580 6668 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 20:39:36.0704 6668 RDPWD - ok 20:39:36.0745 6668 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 20:39:36.0780 6668 rdyboost - ok 20:39:36.0849 6668 RegFilter (c7de6f41b1a734ea70bd2dc67235becc) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys 20:39:36.0872 6668 RegFilter - ok 20:39:36.0928 6668 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 
20:39:37.0041 6668 rspndr - ok 20:39:37.0095 6668 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 20:39:37.0126 6668 sbp2port - ok 20:39:37.0153 6668 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 20:39:37.0269 6668 scfilter - ok 20:39:37.0330 6668 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 20:39:37.0441 6668 secdrv - ok 20:39:37.0506 6668 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 20:39:37.0563 6668 Serenum - ok 20:39:37.0603 6668 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 20:39:37.0640 6668 Serial - ok 20:39:37.0669 6668 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 20:39:37.0719 6668 sermouse - ok 20:39:37.0780 6668 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 20:39:37.0837 6668 sffdisk - ok 20:39:37.0869 6668 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 20:39:37.0929 6668 sffp_mmc - ok 20:39:37.0960 6668 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 20:39:38.0000 6668 sffp_sd - ok 20:39:38.0042 6668 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 20:39:38.0075 6668 sfloppy - ok 20:39:38.0112 6668 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:39:38.0141 6668 SiSRaid2 - ok 20:39:38.0161 6668 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 20:39:38.0191 6668 SiSRaid4 - ok 20:39:38.0233 6668 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 20:39:38.0345 6668 Smb - ok 20:39:38.0394 6668 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 20:39:38.0423 6668 spldr - ok 20:39:38.0489 6668 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 
20:39:38.0572 6668 srv - ok 20:39:38.0605 6668 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 20:39:38.0670 6668 srv2 - ok 20:39:38.0717 6668 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 20:39:38.0771 6668 srvnet - ok 20:39:38.0836 6668 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 20:39:38.0866 6668 stexstor - ok 20:39:38.0915 6668 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 20:39:38.0942 6668 swenum - ok 20:39:39.0051 6668 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys 20:39:39.0174 6668 Tcpip - ok 20:39:39.0234 6668 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys 20:39:39.0332 6668 TCPIP6 - ok 20:39:39.0371 6668 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 20:39:39.0469 6668 tcpipreg - ok 20:39:39.0499 6668 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 20:39:39.0612 6668 TDPIPE - ok 20:39:39.0643 6668 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 20:39:39.0757 6668 TDTCP - ok 20:39:39.0802 6668 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 20:39:39.0923 6668 tdx - ok 20:39:39.0957 6668 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 20:39:39.0988 6668 TermDD - ok 20:39:40.0053 6668 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:39:40.0150 6668 tssecsrv - ok 20:39:40.0174 6668 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 20:39:40.0298 6668 tunnel - ok 20:39:40.0349 6668 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 20:39:40.0379 6668 uagp35 - ok 20:39:40.0404 6668 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 20:39:40.0528 6668 udfs - ok 20:39:40.0602 
6668 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 20:39:40.0632 6668 uliagpkx - ok 20:39:40.0650 6668 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 20:39:40.0708 6668 umbus - ok 20:39:40.0821 6668 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 20:39:40.0940 6668 UmPass - ok 20:39:41.0034 6668 UrlFilter (82520fe7a49765e76281dcc7d90c09f6) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys 20:39:41.0059 6668 UrlFilter - ok 20:39:41.0107 6668 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys 20:39:41.0169 6668 usbccgp - ok 20:39:41.0202 6668 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 20:39:41.0267 6668 usbcir - ok 20:39:41.0312 6668 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys 20:39:41.0367 6668 usbehci - ok 20:39:41.0427 6668 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 20:39:41.0492 6668 usbhub - ok 20:39:41.0531 6668 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys 20:39:41.0582 6668 usbohci - ok 20:39:41.0630 6668 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 20:39:41.0687 6668 usbprint - ok 20:39:41.0728 6668 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:39:41.0815 6668 USBSTOR - ok 20:39:41.0847 6668 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys 20:39:41.0894 6668 usbuhci - ok 20:39:41.0947 6668 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 20:39:41.0975 6668 vdrvroot - ok 20:39:42.0018 6668 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 20:39:42.0059 6668 vga - ok 20:39:42.0083 6668 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 
20:39:42.0196 6668 VgaSave - ok 20:39:42.0246 6668 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 20:39:42.0282 6668 vhdmp - ok 20:39:42.0310 6668 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 20:39:42.0338 6668 viaide - ok 20:39:42.0370 6668 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 20:39:42.0402 6668 volmgr - ok 20:39:42.0446 6668 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 20:39:42.0488 6668 volmgrx - ok 20:39:42.0546 6668 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 20:39:42.0584 6668 volsnap - ok 20:39:42.0610 6668 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 20:39:42.0644 6668 vsmraid - ok 20:39:42.0672 6668 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 20:39:42.0756 6668 vwifibus - ok 20:39:42.0802 6668 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 20:39:42.0852 6668 WacomPen - ok 20:39:42.0905 6668 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 20:39:43.0021 6668 WANARP - ok 20:39:43.0030 6668 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 20:39:43.0127 6668 Wanarpv6 - ok 20:39:43.0207 6668 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 20:39:43.0234 6668 Wd - ok 20:39:43.0275 6668 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 20:39:43.0329 6668 Wdf01000 - ok 20:39:43.0394 6668 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 20:39:43.0492 6668 WfpLwf - ok 20:39:43.0518 6668 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 20:39:43.0545 6668 WIMMount - ok 20:39:43.0646 6668 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 
20:39:43.0705 6668 WinUsb - ok
20:39:43.0749 6668 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:39:43.0799 6668 WmiAcpi - ok
20:39:43.0879 6668 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:39:43.0975 6668 ws2ifsl - ok
20:39:44.0025 6668 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
20:39:44.0145 6668 WudfPf - ok
20:39:44.0189 6668 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:39:44.0290 6668 WUDFRd - ok
20:39:44.0340 6668 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
20:39:44.0369 6668 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:39:44.0369 6668 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:39:44.0400 6668 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:39:44.0401 6668 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:39:44.0438 6668 Boot (0x1200) (eba8655466c035177020ae569cb13a60) \Device\Harddisk0\DR0\Partition0
20:39:44.0441 6668 \Device\Harddisk0\DR0\Partition0 - ok
20:39:44.0457 6668 Boot (0x1200) (1f418ea9d33d1da1f5b6af85b54fe64b) \Device\Harddisk0\DR0\Partition1
20:39:44.0460 6668 \Device\Harddisk0\DR0\Partition1 - ok
20:39:44.0492 6668 Boot (0x1200) (28624251aa9bb9d202863fff29da62a6) \Device\Harddisk0\DR0\Partition2
20:39:44.0494 6668 \Device\Harddisk0\DR0\Partition2 - ok
20:39:44.0495 6668 ============================================================
20:39:44.0495 6668 Scan finished
20:39:44.0495 6668 ============================================================
20:39:44.0527 4020 Detected object count: 2
20:39:44.0527 4020 Actual detected object count: 2
20:51:12.0367 4020 \Device\Harddisk0\DR0\# - copied to quarantine
20:51:12.0367 4020 \Device\Harddisk0\DR0 - copied to quarantine
20:51:12.0407 4020 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:51:12.0407 4020 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:51:12.0417 4020 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:51:12.0427 4020 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:51:12.0427 4020 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:51:12.0427 4020 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:51:12.0427 4020 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:51:12.0437 4020 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:51:12.0437 4020 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:51:12.0437 4020 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:51:12.0467 4020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:51:12.0477 4020 \Device\Harddisk0\DR0 - ok
20:51:13.0037 4020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:51:13.0037 4020 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:51:13.0037 4020 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:51:36.0477 7544 Deinitialize success

Thanks so much..... Darryl
  7. Thanks for responding Mr. C. !! It is much appreciated. When I first opened up RogueKiller, it flashed 'svchost.exe - killed'. I then hit the scan button. Here is the RogueKiller report:

RogueKiller V7.2.1 [02/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Darlene [Admin rights]
Mode: Scan -- Date: 02/29/2012 18:27:58

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 6 ¤¤¤
[BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
94.63.147.16 www.google.com
94.63.147.17 www.bing.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST350041 8AS SCSI Disk Device +++++
--- User ---
[MBR] a4e6e4b2db41d59aeb7dabadd7035bff
[BSP] badac77e52380834dc3972cd4aa54488 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 465672 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 953903104 | Size: 11166 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt

Otl.txt report:

OTL logfile created on: 2/29/2012 6:36:30 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Darlene\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 30.26% Memory free
5.75 Gb Paging File | 3.16 Gb Available in Paging File | 55.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.76 Gb Total Space | 398.68 Gb Free Space | 87.67% Space Free | Partition Type: NTFS
Drive D: | 10.90 Gb Total Space | 2.02 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
Drive E: | 83.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DARLENE-PC | User Name: Darlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/29 18:34:30 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTL.exe
PRC - [2012/02/26 18:41:25 | 000,654,336 | ---- | M] (DownloadManager) -- C:\Program Files (x86)\Download Manager\DownloadManager.exe
PRC - [2012/02/06 17:57:10 | 000,934,240 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/02/06 17:49:30 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/01/11 11:54:44 | 000,090,112 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/19 03:28:54 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll
MOD - [2012/02/19 03:28:49 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/19 03:28:24 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/02/19 03:28:18 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/02/19 03:28:01 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/19 03:27:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/19 03:27:57 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2012/02/14 23:03:36 | 000,429,040 | ---- | M] () -- C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll
MOD - [2012/02/14 23:03:34 | 003,772,912 | ---- | M] () -- C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012/02/14 23:02:10 | 000,122,880 | ---- | M] () -- C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012/02/14 23:02:08 | 000,220,672 | ---- | M] () -- C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012/02/14 23:02:07 | 001,747,456 | ---- | M] () -- C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2011/10/13 02:28:26 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 12:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/02/06 17:49:30 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 12:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 04:38:42 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/19 10:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor) DRV - [2011/09/20 14:27:44 | 000,021,872 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter) DRV - [2011/09/20 14:27:38 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt IE - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/ IE - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 12 00 D0 A8 59 CA 01 [binary data] IE - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Darlene\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Darlene\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 03:01:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/18 14:15:37 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=380920&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Download Manager (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\joodbcgfkkeoaggiinabcekkekiobfdl\1.0_0\npDownloadManager.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java Platform SE 6 U16 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AVG Safe Search = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Download Manager = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\joodbcgfkkeoaggiinabcekkekiobfdl\1.0_0\
CHR - Extension: Gmail = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/19 00:55:44 | 000,000,882 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\alothelper.dll (Vertro)
O3:64bit: - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [brStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [searchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\.DEFAULT..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
O4 - HKU\S-1-5-18..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001..\Run: [DownloadManager] C:\Program Files (x86)\Download Manager\DownloadManager.exe (DownloadManager)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D058B7-6742-44CD-B071-8F9AC846D243}: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/29 18:34:30 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTL.exe
[2012/02/29 18:27:34 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\RK_Quarantine
[2012/02/27 19:14:37 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\Logs
[2012/02/27 19:13:54 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\DEBUG PROGRAMS
[2012/02/26 21:23:31 | 000,000,000 | ---D | C] -- C:\Users\Darlene\New folder
[2012/02/26 18:53:00 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2012/02/26 18:52:14 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Users\Darlene\Desktop\cnet2_ComboFix_exe.exe
[2012/02/26 18:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alotappbar
[2012/02/26 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\DownloadManager
[2012/02/26 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Download Manager
[2012/02/26 17:42:43 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\Outlook Express
[2012/02/26 17:35:55 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\Email
[2012/02/26 11:14:58 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\Computer maintanence
[2012/02/26 11:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012/02/26 11:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012/02/26 11:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Toolbar
[2012/02/26 11:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/02/26 11:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/02/26 11:04:34 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\IObit
[2012/02/26 11:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/02/23 17:36:11 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\Google
[2012/02/23 17:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/02/23 17:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/02/23 17:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/02/23 17:34:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/02/19 03:13:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/02/18 14:16:26 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\AVG2012
[2012/02/18 14:15:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/02/18 14:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/02/18 14:15:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/02/18 14:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/18 14:14:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/02/18 14:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/02/18 14:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/18 10:47:20 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/18 10:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/18 10:46:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/02/18 10:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/02/18 10:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/18 10:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/18 03:53:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/18 03:53:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/17 08:33:17 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/02/17 08:22:29 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\23954
[2012/02/17 08:21:57 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\A0A23
[2012/02/16 23:15:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\23954
[2012/02/16 23:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2012/02/06 16:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phantom EFX
[2012/02/06 13:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/02/06 13:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/02/05 23:51:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/01 08:46:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2012/02/29 18:34:30 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTL.exe
[2012/02/29 18:05:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2792723376-3193599209-4087185376-1001UA.job
[2012/02/29 17:45:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/29 17:45:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/29 17:29:27 | 090,442,176 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/02/29 16:05:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2792723376-3193599209-4087185376-1001Core.job
[2012/02/29 07:16:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/28 11:58:38 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/02/27 18:43:44 | 000,038,234 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/02/26 21:23:09 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/26 21:23:09 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/26 21:23:09 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/26 19:06:21 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 19:06:21 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/26 18:59:30 | 000,000,333 | ---- | M] () -- C:\Windows\Brownie.ini
[2012/02/26 18:58:49 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/26 18:51:46 | 000,463,080 | ---- | M] (CNET Download.com) -- C:\Users\Darlene\Desktop\cnet2_ComboFix_exe.exe
[2012/02/26 12:38:08 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/02/23 16:17:33 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDarlene.job
[2012/02/19 03:27:03 | 000,329,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/19 03:03:32 | 000,002,421 | ---- | M] () -- C:\Users\Darlene\Desktop\Google Chrome.lnk
[2012/02/19 00:55:44 | 000,000,882 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/18 14:15:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/02/18 14:15:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/02/18 10:44:40 | 000,002,025 | ---- | M] () -- C:\Users\Darlene\Documents\Adobe Reader X.lnk
[2012/02/18 10:09:54 | 000,001,099 | ---- | M] () -- C:\Users\Darlene\Desktop\Documents.lnk
[2012/02/17 08:33:39 | 000,000,408 | ---- | M] () -- C:\ProgramData\zCxZvAkflklsr3
[2012/02/17 08:33:18 | 000,000,312 | ---- | M] () -- C:\ProgramData\~zCxZvAkflklsr3
[2012/02/17 08:33:18 | 000,000,216 | ---- | M] () -- C:\ProgramData\~zCxZvAkflklsr3r
[2012/02/06 16:41:11 | 000,002,306 | ---- | M] () -- C:\Users\Public\Desktop\Play WMS Slots Reel EM IN.lnk
[2012/02/06 13:59:22 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

========== Files Created - No Company Name ==========

[2012/02/29 17:29:27 | 090,442,176 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/02/27 18:43:44 | 000,038,234 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/02/26 12:38:08 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/02/23 17:35:09 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/23 17:35:07 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/18 14:15:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/02/18 14:15:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/02/18 10:44:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/18 10:44:40 | 000,002,025 | ---- | C] () -- C:\Users\Darlene\Documents\Adobe Reader X.lnk
[2012/02/18 10:09:54 | 000,001,099 | ---- | C] () -- C:\Users\Darlene\Desktop\Documents.lnk
[2012/02/17 08:33:18 | 000,000,312 | ---- | C] () -- C:\ProgramData\~zCxZvAkflklsr3
[2012/02/17 08:33:18 | 000,000,216 | ---- | C] () -- C:\ProgramData\~zCxZvAkflklsr3r
[2012/02/17 08:33:11 | 000,000,408 | ---- | C] () -- C:\ProgramData\zCxZvAkflklsr3
[2012/02/06 16:41:11 | 000,002,306 | ---- | C] () -- C:\Users\Public\Desktop\Play WMS Slots Reel EM IN.lnk
[2012/02/06 14:05:43 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDarlene.job
[2012/02/06 13:59:22 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/08/07 19:42:55 | 000,001,854 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\GhostObjGAFix.xml
[2011/06/14 14:50:23 | 000,000,128 | ---- | C] () -- C:\ProgramData\~42786552r
[2011/06/14 14:50:23 | 000,000,104 | ---- | C] () -- C:\ProgramData\~42786552
[2011/06/14 14:50:09 | 000,000,344 | ---- | C] () -- C:\ProgramData\42786552
[2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

========== LOP Check ==========

[2012/02/18 09:43:15 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\23954
[2012/02/18 09:43:15 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\A0A23
[2012/02/18 14:16:26 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\AVG2012
[2012/02/18 09:43:41 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\ICAClient
[2012/02/26 12:52:11 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\IObit
[2012/02/18 09:43:41 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\PictureMover
[2009/11/01 17:24:27 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Template
[2009/11/21 21:59:31 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\WinBatch
[2012/02/28 11:58:38 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/02/01 08:46:10 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extra report:

OTL Extras logfile created on: 2/29/2012 6:36:31 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Darlene\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 30.26% Memory free
5.75 Gb Paging File | 3.16 Gb Available in Paging File | 55.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.76 Gb Total Space | 398.68 Gb Free Space | 87.67% Space Free | Partition Type: NTFS
Drive D: | 10.90 Gb Total Space | 2.02 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
Drive E: | 83.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DARLENE-PC | User Name: Darlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{E3EC7FC4-B4BF-4911-9A43-F7C753CE03F5}" = AVG 2012
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0C90FB8-D7AE-4ED8-B178-B9065CCF2BC7}" = Brother HL-2140
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B5E8EA9B-2DDB-427C-B18D-96C4B4B51999}" = WMS Slots Reel 'em in
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDACA485-FE5B-41e5-A9BD-B49B19C2F281}" = IObit Toolbar v5.0
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"alotAppbar" = ALOT Appbar
"am-wmsslotsreelemin" = WMS Slots - Reel Em In
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Download Manager" = Download Manager
"Homepage Protection" = Homepage Protection
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2792723376-3193599209-4087185376-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Thanks so much for your time and effort

Darryl
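The OTL Extras sections quoted above are exactly the places a helper reads first when a machine shows search redirects: the "Shell Spawning" block (malware that wraps the exefile/batfile/scrfile open command in its own loader regains control on every program launch), the Security Center override values (a non-zero *Override silences Windows' warning that AV or the firewall is off), and the per-profile "EnableFirewall" flags. In this report all the monitored types still carry the stock "%1" %* commands, all three overrides are 0, and all three firewall profiles are enabled. The script below is an added example, not part of Darryl's post and not OTL's own code: it parses those three sections of an OTL Extras report and lists anything that departs from the assumed Windows 7 defaults in EXPECTED_SPAWN. CLEAN_REPORT is a constructed excerpt of the report above; SUSPECT_REPORT is entirely constructed to show what a hit looks like (the loader path in it is a placeholder, not a real detection).

```python
"""Triage an OTL Extras report for hijacked shell spawning and disabled protection.

Added example for illustration; not part of the forum post or of the OTL tool.
Parses the plain-text sections OTL emits and reports departures from assumed
Windows 7 defaults.
"""
import re

SECTION_RE = re.compile(r'^=+\s*(?P<name>.+?)\s*=+\s*$')
SPAWN_RE = re.compile(
    r'^(?P<key>\w+)\s+\[(?P<verb>\w+)\]\s+--\s+(?P<cmd>.*?)'
    r'(?:\s+\((?P<vendor>[^()]*)\))?\s*$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*$')
KEY_RE = re.compile(r'^(?:64bit:\s*)?\[(?P<path>HKEY_[^\]]+)\]')

# Assumed Windows 7 defaults for the executable types malware most often
# hijacks (by wrapping "%1" in a loader). Types not listed here are not judged,
# so a "Reg Error" on helpfile or txtfile is not reported.
EXPECTED_SPAWN = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
}


def split_sections(text):
    """Map each '========== Name ==========' header to its non-blank lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m['name']
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_shell_spawning(lines):
    """Report monitored file types whose open command is not the default."""
    findings = []
    for line in lines:
        m = SPAWN_RE.match(line)
        if not m:
            continue
        expected = EXPECTED_SPAWN.get((m['key'], m['verb']))
        if expected is not None and m['cmd'] != expected:
            findings.append(f"shell spawning: {m['key']} [{m['verb']}] is "
                            f"{m['cmd']} (expected {expected})")
    return findings


def check_security_center(lines):
    """Report any *Override value that is not 0 (Security Center alerts suppressed)."""
    findings = []
    for line in lines:
        m = VALUE_RE.match(line)
        if m and m['name'].endswith('Override') and m['value'] != '0':
            findings.append(f"security center: {m['name']} = {m['value']} "
                            "(monitoring suppressed)")
    return findings


def check_firewall(lines):
    """Report firewall profiles whose EnableFirewall value is not 1."""
    findings, profile = [], None
    for line in lines:
        k = KEY_RE.match(line)
        if k:
            profile = k['path'].rsplit('\\', 1)[-1]   # e.g. PublicProfile
            continue
        m = VALUE_RE.match(line)
        if m and m['name'] == 'EnableFirewall' and m['value'] != '1':
            findings.append(f"firewall: {profile} EnableFirewall = {m['value']}")
    return findings


def triage(text):
    """Run all three checks over one OTL Extras report; [] means nothing flagged."""
    s = split_sections(text)
    return (check_shell_spawning(s.get('Shell Spawning', []))
            + check_security_center(s.get('Security Center Settings', []))
            + check_firewall(s.get('Firewall Settings', [])))


# Constructed excerpt of the report quoted in the thread (clean).
CLEAN_REPORT = r'''
========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
scrfile [config] -- "%1"
scrfile [open] -- "%1" /S
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
'''

# Entirely constructed sample of a hijacked machine; the loader path is a placeholder.
SUSPECT_REPORT = r'''
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "C:\ProgramData\loader.exe" "%1" %*
scrfile [open] -- "%1" /S

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
'''

if __name__ == "__main__":
    for label, report in (("clean", CLEAN_REPORT), ("suspect", SUSPECT_REPORT)):
        print(label, triage(report) or "nothing flagged")
```

Run against a full Extras.txt with `triage(open("Extras.txt").read())`. The check is deliberately an allow-list of known-good commands rather than a signature list: any wrapper, whatever its name or path, shows up because the command no longer equals the bare "%1" %*.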
  8. Hello... My wife's computer has recently become infected with at least 4 trojan horses, which results in Google searches being redirected to other website search engines. It steadily got worse till the computer would power up but the desktop had lost its background, and most of the desktop icons were gone; also the computer was very slow. I ran MBAM and AVG anti-virus and this helped bring the computer back, but it still has the Google redirects.

Now, while running MBAM, AVG anti-virus displays 3 trojan horses:
1) C:\windows\temp\sssttx.exe - trojan horse agent.6.BA
2) C:\windows\temp\photo.clas - trojan horse java/agent.ky
3) C:\windows\temp\fpgtkko.exe - trojan horse agent.6.BA

I have quarantined these 3 trojan horses. After MBAM completes the quick scan the MBAM results are:
1) Trojan.agent file c:\windows svchost.exe
2) Trojan.agent memory process c:\windows svchost.exe

I have quarantined these also. Running another MBAM quick scan produces the same results. Any and all help would be greatly appreciated. I have cleared the cache in both Windows Explorer and Google Chrome, and have used CCleaner to clean all temporary files and such. Running a quick scan for AVG Anti-virus and MBAM always produces the same results. I have attached the two DDS files that are required for assistance.

Thanks so much for any and all assistance.

Darryl

Attachments: DDS.txt, Attach.txt