Everything posted by karenhey

  1. Thanks for looking at this, however when I do a full scan it still comes up that the computer is infected with "PUM.hijack.StartMenu"... so I still have this problem. Do you know if "PUM.hijack.StartMenu" infects my files? Can I infect others with this trojan through file exchange?
  2. The Attach.txt looks really bad. There are a ton of Windows updates that haven't been updated. It's too long to post. Would you like me to zip it?
  3. Hi Chris, Here's the DDS.txt...
  4. I just rebooted. I appear to have my programs back. Thank you. I re-installed Vista yesterday. No, I don't use iolo System Mechanic. What kind of program is that? I'll run the DDS now.
  5. I just tried to run DDS and I received the message "Illegal operation attempted on a registry key that has been marked for deletion."
  6. Oh yes, and during the ComboFix scan the Outlook progress bar came up even though the program was not active. I was not connected to the internet and didn't touch the computer until it looked like ComboFix was complete.
  7. When I try to open a program from the start menu or if I go to the C:/Program Files/a specific program... the message that comes up is "Illegal operation attempted on a registry key that has been marked for deletion". Would you still like me to try rebooting?
  8. PS: I should probably mention that I reloaded the system software and reformatted the disk. When I ran the Malwarebytes full scan I still had this "Pum.hijack.StartMenu" malware appear.
  9. Hi Chris, Whoa! After running the ComboFix the system went really wacky. I was unable to access anything in the start-up menu. I'm writing to you from my old MAC. Luckily I was able to access the log... Thanks again, Karen
  10. Hi Chris, Here's the MBAM Quick Scan... I noticed that the "Pum.hijack.StartMenu" malware doesn't show up on the quick scan. Here's the DDS.txt...
c:\windows\system32\drivers\mrxsmb.sys 2012-07-08 19:12:12 49664 ----a-w- c:\windows\system32\csrsrv.dll 2012-07-08 19:12:11 376320 ----a-w- c:\windows\system32\winsrv.dll 2012-07-08 19:11:26 2855424 ----a-w- c:\windows\system32\mf.dll 2012-07-08 19:11:25 98816 ----a-w- c:\windows\system32\mfps.dll 2012-07-08 19:11:25 52736 ----a-w- c:\windows\system32\rrinstaller.exe 2012-07-08 19:11:25 24576 ----a-w- c:\windows\system32\mfpmp.exe 2012-07-08 19:11:25 2048 ----a-w- c:\windows\system32\mferror.dll 2012-07-08 19:10:31 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-07-08 19:10:31 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-07-08 19:08:22 376832 ----a-w- c:\windows\system32\winhttp.dll 2012-07-08 19:07:37 434176 ----a-w- c:\windows\system32\vbscript.dll 2012-07-08 19:06:51 71680 ----a-w- c:\windows\system32\atl.dll 2012-07-08 19:05:29 297472 ----a-w- c:\windows\system32\gdi32.dll 2012-07-08 19:04:48 41984 ----a-w- c:\windows\system32\drivers\monitor.sys 2012-07-08 19:04:48 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-07-08 19:03:06 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll 2012-07-08 19:02:27 500736 ----a-w- c:\windows\system32\msdtcprx.dll 2012-07-08 19:02:27 30208 ----a-w- c:\windows\system32\xolehlp.dll 2012-07-08 19:01:43 156160 ----a-w- c:\windows\system32\wkssvc.dll 2012-07-08 19:00:03 36352 ----a-w- c:\windows\system32\tsgqec.dll 2012-07-08 19:00:03 116736 ----a-w- c:\windows\system32\aaclient.dll 2012-07-08 19:00:02 1871872 ----a-w- c:\windows\system32\mstscax.dll 2012-07-08 18:59:12 303616 ----a-w- c:\windows\system32\wmpeffects.dll 2012-07-08 18:57:47 414208 ----a-w- c:\windows\system32\msscp.dll 2012-07-08 18:57:07 713728 ----a-w- c:\windows\system32\timedate.cpl 2012-07-08 18:56:20 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll 2012-07-08 18:55:32 86016 ----a-w- c:\windows\system32\icfupgd.dll 2012-07-08 18:55:32 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys 2012-07-08 18:55:32 
396800 ----a-w- c:\windows\system32\MPSSVC.dll 2012-07-08 18:55:32 392192 ----a-w- c:\windows\system32\FirewallAPI.dll 2012-07-08 18:55:31 61952 ----a-w- c:\windows\system32\cmifw.dll 2012-07-08 18:55:31 16896 ----a-w- c:\windows\system32\wfapigp.dll 2012-07-08 18:49:48 8704 ----a-w- c:\windows\system32\hcrstco.dll 2012-07-08 18:49:48 8704 ----a-w- c:\windows\system32\hccoin.dll 2012-07-08 18:49:48 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2012-07-08 18:49:48 5888 ----a-w- c:\windows\system32\drivers\usbd.sys 2012-07-08 18:49:48 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys 2012-07-08 18:49:48 23040 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2012-07-08 18:49:48 224768 ----a-w- c:\windows\system32\drivers\usbport.sys 2012-07-08 18:49:48 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys 2012-07-08 18:47:25 24064 ----a-w- c:\windows\system32\netcfg.exe 2012-07-08 18:39:54 9728 ----a-w- c:\windows\system32\LAPRXY.DLL 2012-07-08 18:39:54 223232 ----a-w- c:\windows\system32\WMASF.DLL 2012-07-08 18:39:54 2048 ----a-w- c:\windows\system32\asferror.dll 2012-07-08 18:33:00 2565432 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll 2012-07-08 18:32:30 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4b2b4340-9321-46d3-bd33-43192b504cdd}\mpengine.dll 2012-07-08 18:32:29 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-07-08 18:15:34 96760 ----a-w- c:\windows\system32\dfshim.dll 2012-07-08 18:15:34 41984 ----a-w- c:\windows\system32\netfxperf.dll 2012-07-08 18:15:33 282112 ----a-w- c:\windows\system32\mscoree.dll 2012-07-08 18:15:32 83968 ----a-w- c:\windows\system32\mscories.dll 2012-07-08 18:15:32 158720 ----a-w- c:\windows\system32\mscorier.dll 2012-07-08 18:00:20 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2012-07-08 18:00:18 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2012-07-08 18:00:18 1686528 ----a-w- c:\windows\system32\gameux.dll 2012-07-08 
17:59:42 996352 ----a-w- c:\windows\system32\WMNetMgr.dll 2012-07-08 17:59:42 94720 ----a-w- c:\windows\system32\logagent.exe 2012-07-08 17:59:09 765952 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll 2012-07-08 17:58:55 84480 ----a-w- c:\windows\system32\INETRES.dll 2012-07-08 17:58:55 737792 ----a-w- c:\windows\system32\inetcomm.dll 2012-07-08 17:58:32 60928 ----a-w- c:\windows\system32\msasn1.dll 2012-07-08 17:58:11 1645568 ----a-w- c:\windows\system32\connect.dll 2012-07-08 17:57:53 5120 ----a-w- c:\windows\system32\wmi.dll 2012-07-08 17:57:53 152576 ----a-w- c:\windows\system32\imagehlp.dll 2012-07-08 17:57:53 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-07-08 17:57:35 788992 ----a-w- c:\windows\system32\rpcrt4.dll 2012-07-08 17:56:55 396800 ----a-w- c:\windows\system32\drivers\http.sys 2012-07-08 17:56:55 31232 ----a-w- c:\windows\system32\httpapi.dll 2012-07-08 17:56:55 24064 ----a-w- c:\windows\system32\nshhttp.dll 2012-07-08 17:55:15 130048 ----a-w- c:\windows\system32\drivers\srv2.sys 2012-07-08 17:54:52 974336 ----a-w- c:\windows\system32\crypt32.dll 2012-07-08 17:54:39 274432 ----a-w- c:\windows\system32\raschap.dll 2012-07-08 17:54:38 232960 ----a-w- c:\windows\system32\rastls.dll 2012-07-08 17:54:19 321536 ----a-w- c:\windows\system32\WSDApi.dll 2012-07-08 17:54:00 633856 ----a-w- c:\windows\system32\user32.dll 2012-07-08 17:53:00 88576 ----a-w- c:\windows\system32\avifil32.dll 2012-07-08 17:53:00 82944 ----a-w- c:\windows\system32\mciavi32.dll 2012-07-08 17:53:00 65024 ----a-w- c:\windows\system32\avicap32.dll 2012-07-08 17:53:00 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2012-07-08 17:53:00 22528 ----a-w- c:\windows\system32\msyuv.dll 2012-07-08 17:53:00 1327616 ----a-w- c:\windows\system32\quartz.dll 2012-07-08 17:53:00 123904 ----a-w- c:\windows\system32\msvfw32.dll 2012-07-08 17:53:00 11776 ----a-w- c:\windows\system32\tsbyuv.dll . ==================== Find3M ==================== . 
2012-07-08 20:37:40 5632 ----a-w- c:\windows\system32\drivers\en-us\sermouse.sys.mui 2012-07-08 20:33:25 40960 ----a-w- c:\windows\apppatch\apihex86.dll 2012-07-08 19:25:03 72704 ----a-w- c:\windows\system32\admparse.dll 2012-07-08 19:25:02 832512 ----a-w- c:\windows\system32\wininet.dll 2012-07-08 19:25:02 52736 ----a-w- c:\windows\apppatch\iebrshim.dll 2012-07-08 19:24:58 78336 ----a-w- c:\windows\system32\ieencode.dll 2012-07-08 19:24:58 389120 ----a-w- c:\windows\system32\html.iec 2012-07-08 19:24:57 48128 ----a-w- c:\windows\system32\mshtmler.dll 2012-07-08 19:24:56 1383424 ----a-w- c:\windows\system32\mshtml.tlb 2012-07-08 19:24:54 1830912 ----a-w- c:\windows\system32\inetcpl.cpl 2012-07-08 19:24:52 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2012-07-08 19:24:50 56320 ----a-w- c:\windows\system32\iesetup.dll 2012-07-08 18:00:20 2560 ----a-w- c:\windows\apppatch\AcRes.dll 2012-07-08 18:00:19 537600 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-07-08 18:00:19 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2012-07-08 18:00:19 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll 2012-07-08 18:00:19 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2012-07-08 17:52:59 31232 ----a-w- c:\windows\system32\msvidc32.dll 2012-07-08 17:52:59 13312 ----a-w- c:\windows\system32\msrle32.dll 2012-07-08 17:52:41 750080 ----a-w- c:\windows\system32\qmgr.dll 2012-07-08 17:52:28 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2012-07-08 17:52:05 8147968 ----a-w- c:\windows\system32\wmploc.DLL 2012-07-08 17:52:03 7680 ----a-w- c:\windows\system32\spwmp.dll 2012-07-08 17:52:03 4096 ----a-w- c:\windows\system32\dxmasf.dll 2012-07-08 17:52:02 4096 ----a-w- c:\windows\system32\msdxm.ocx 2012-07-08 17:52:00 311296 ----a-w- c:\windows\system32\unregmp2.exe . ============= FINISH: 21:13:12.99 =============== Thanks so much for looking at this for me. Karen
  11. Hello, I have an MDG laptop and am using the Vista OS. I ran Malwarebytes and discovered I had "Pum.hijack.StartMenu" malware. I removed it. However, when I ran the next Malwarebytes scan it reappeared. Avast did not pick up on this. I re-installed the system software and clicked reformat. Once the updates were installed I ran Malwarebytes again and this bug showed up again. Please help! Thanking you in advance! Karen DDS.txt Attach.txt
  12. Oh boy! I provided the incorrect link above. This is the thread I found and followed the instructions... http://forums.malwarebytes.org/index.php?showtopic=106141 My apologies for any confusion I may have caused.
  13. Here are the log attachments... 2012-07-08-2-ComboFixScan.txt TDSSKiller.2.7.44.0_08.07.2012_20.31.07_log.txt
  14. Hello, I have an MDG laptop and am using the Vista OS. I ran Malwarebytes and discovered I had "Pum hijack start menu". I removed it. However, when I ran the next Malwarebytes scan it reappeared. Avast did not pick up on this. I re-installed the system software and clicked reformat (I think that was what it was called). And still I have this problem. I found this thread... http://forums.malwarebytes.org/index.php?showtopic=109674&hl=&fromsearch=1 I followed the instructions and this nasty bug still shows up. Help!