shaunacd

Members | Posts: 4 | Reputation: 0 Neutral
  1. After thinking more about this yesterday, I think I'm going to go for the reinstall option. Probably take me about the same time and be a little more secure. Thanks for your help though!
  2. Thanks for the info! I will work on this today then as I can... it may take me a while to do. I was afraid this was the case, but we'll give it a try.
  3. Thanks so much! Here is the RogueKiller report:

     RogueKiller V7.3.3 [04/22/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User: Kyle [Admin rights]
     Mode: Scan -- Date: 04/22/2012 08:00:28

     ¤¤¤ Bad processes: 0 ¤¤¤

     ¤¤¤ Registry Entries: 8 ¤¤¤
     [WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
     [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver: [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ZeroAccess ¤¤¤
     [ZeroAccess] sys32\consrv.dll present!

     ¤¤¤ HOSTS File: ¤¤¤
     94.63.147.16 www.google.com
     94.63.147.17 www.bing.com

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST9250315AS ATA Device +++++
     --- User ---
     [MBR] 253ba310102c76a5e6702297238b8848
     [bSP] 33e870195992370a52af789e14cb7fe0 : Windows 7 MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 15360 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31619072 | Size: 223035 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  4. Working on my son's Dell Studio laptop running Windows 7. I originally started with fixing a Smart HDD issue with Malwarebytes that seemed to be cleared up easily. Then as I started trying to install a regular Anti Virus program like Avast or AVG, ran into other problems...like it tries to remove what it has found on a scan and then wants to restart, but when I restart it gives me a message that it can't restart and it will do a start up repair and restore to a previous point. Which it seems to do. Any internet search still winds up redirected to strange unrelated websites. Thanks for any advice you can give. I have tried a bunch of things (i.e. virus scans from Trend Micro, Avast, AVG) but I think I need to just start over and get more experienced advice. Thanks!!!

     Attach.txt DDS.txt