Tigerhawk247

Haven't noticed an alert since the chrome reset. Here's the file. SecurityCheck.txt

Here they are. Addition.txt FRST.txt AdwCleaner[S01].txt Malwarebytes Scan Report 2024-04-30 205951.txt

Thank you, they should be attached. mbst-grab-results.zip

Hello, I've been getting a notice from malwarebytes about an rtp detection. It only points to chrome as the culprit. Please let me know if I've missed something in the instructions. Thank you! Addition.txt FRST.txt Malwarebytes Scan Report 2024-04-30 020642.txt

Alright, I cleaned all that up. Thank you so much for your help.

i haven't noticed any other issues.

Here are the files: OTL.txt OTL logfile created on: 4/3/2013 3:00:17 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jeisenbarth\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.88 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 68.76% Memory free 7.77 Gb Paging File | 6.46 Gb Available in Paging File | 83.20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 118.94 Gb Total Space | 78.91 Gb Free Space | 66.34% Space Free | Partition Type: NTFS Computer Name: R9K47YN | User Name: JEISENBARTH | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\jeisenbarth\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll () ========== Services (SafeList) ========== SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.) SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.) SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation) SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (Lenovo.VIRTSCRLSVC) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) SRV:64bit: - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) SRV:64bit: - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV:64bit: - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (fsprocsvc) -- C:\Windows\temp\fsprocsvc.exe (ForeScout) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe () SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo) SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited) SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (SROSVC) -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited) SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated) DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.) DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited) DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated) DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation) DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://r-net.rollins.edu IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://r-net.rollins.edu/ IE - HKCU\..\SearchScopes,DefaultScope = {A8A96F24-6E7E-4AA7-ABEE-84FE3016D645} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{A8A96F24-6E7E-4AA7-ABEE-84FE3016D645}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=mkg114 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2013/01/11 16:00:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://r-net.rollins.edu/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\jeisenbarth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\jeisenbarth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\jeisenbarth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\jeisenbarth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Gmail = C:\Users\jeisenbarth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: rollins.edu ([foxlink] https in Trusted sites) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.20.1.10 10.20.1.20 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Rollins.edu O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C4FE41A-0115-49D1-B72D-3727B5B9C211}: DhcpNameServer = 10.20.1.10 10.20.1.20 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/04/03 14:58:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jeisenbarth\Desktop\OTL.exe [2013/04/03 12:01:15 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\jeisenbarth\Desktop\TFC.exe [2013/04/03 11:08:53 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\jeisenbarth\Desktop\dds.scr [2013/04/03 09:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2013/04/03 09:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013/04/01 16:56:55 | 000,000,000 | ---D | C] -- C:\Users\jeisenbarth\Desktop\mbar-1.01.0.1022 [2013/04/01 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\jeisenbarth\AppData\Roaming\Malwarebytes [2013/04/01 16:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013/04/01 15:57:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/04/01 11:13:51 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/04/01 11:13:51 | 000,000,000 | ---D | C] -- C:\Users\jeisenbarth\AppData\Local\temp [2013/04/01 11:10:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/04/01 11:10:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/04/01 11:10:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/04/01 11:10:04 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/04/01 11:09:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/04/01 10:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/04/01 10:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/04/01 10:51:16 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/04/01 10:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/03/31 15:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\esy [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/04/03 14:58:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jeisenbarth\Desktop\OTL.exe [2013/04/03 14:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/04/03 14:27:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/04/03 12:12:58 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/04/03 12:10:40 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/04/03 12:10:40 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/04/03 12:08:10 | 000,782,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/04/03 12:08:10 | 000,662,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/04/03 12:08:10 | 000,122,242 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/04/03 12:03:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/04/03 12:03:29 | 3128,610,816 | -HS- | M] () -- C:\hiberfil.sys [2013/04/03 12:01:15 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\jeisenbarth\Desktop\TFC.exe [2013/04/03 11:08:53 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\jeisenbarth\Desktop\dds.scr [2013/04/03 09:00:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/04/03 09:00:23 | 000,796,420 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/04/03 08:47:31 | 000,416,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/04/01 16:56:28 | 012,894,739 | ---- | M] () -- C:\Users\jeisenbarth\Desktop\mbar-1.01.0.1022.zip [2013/04/01 10:51:21 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/01 10:22:01 | 000,007,656 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/04/03 09:00:22 | 000,001,921 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Center 2012 Endpoint Protection.lnk [2013/04/01 16:56:26 | 012,894,739 | ---- | C] () -- C:\Users\jeisenbarth\Desktop\mbar-1.01.0.1022.zip [2013/04/01 11:10:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/04/01 11:10:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/04/01 11:10:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/04/01 11:10:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/04/01 11:10:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/04/01 10:51:21 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/09 10:44:03 | 000,003,586 | RHS- | C] () -- C:\Users\jeisenbarth\ntuser.pol [2013/01/03 15:18:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2013/01/03 15:18:25 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2013/01/03 15:18:25 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013/01/03 12:46:00 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/01/03 12:34:03 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini [2013/01/03 12:33:35 | 000,007,656 | RHS- | C] () -- C:\ProgramData\ntuser.pol ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > extras.txt OTL Extras logfile created on: 4/3/2013 3:00:17 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jeisenbarth\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.88 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 68.76% Memory free 7.77 Gb Paging File | 6.46 Gb Available in Paging File | 83.20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 118.94 Gb Total Space | 78.91 Gb Free Space | 66.34% Space Free | Partition Type: NTFS Computer Name: R9K47YN | User Name: JEISENBARTH | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts] "Enabled" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List] "139:TCP:*:enabled:forescout139" = 139:TCP:*:enabled:forescout139 "445:TCP:*:enabled:forescout445" = 445:TCP:*:enabled:forescout445 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts] "Enabled" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List] "139:TCP:*:enabled:forescout139" = 139:TCP:*:enabled:forescout139 "445:TCP:*:enabled:forescout445" = 445:TCP:*:enabled:forescout445 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{72926AE7-1900-40BF-ABDC-4BD095B175D6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{AF396CC8-7CC7-45D0-BF16-412CC97353E7}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04F21C9D-51D2-4490-8F72-0D74ABD16EDE}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | "{114D8043-109E-4DD6-B8B9-FB2F69958EB5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{1BFF2159-9943-499A-9D42-9A80884131CF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2F348BA8-78CB-4BDE-B3D0-83D04A335D5D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{87048012-BF46-4D37-83D6-B652A1C44539}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{B10A8856-44D9-4310-AE00-ACAE57C0E3D0}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{B16929EC-555D-447F-BDF8-41B3AC55C87D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{E9013587-166F-4769-A7B5-D0F39EDD8E99}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{F1CE8CF4-2713-4E1D-AC3F-351F3E0C1307}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{F4EF6891-E76E-4C52-9A9B-7C7C62842149}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit "{0C243024-B7AF-478B-B6F1-574A4AB0E07C}" = Microsoft Antimalware "{0E0818E4-C87B-4211-9791-E958BD34B96C}" = Microsoft Forefront Endpoint Protection 2010 Server Management "{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi Software "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display "{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System "{4C7F9B08-C9B2-42EA-93F7-5A3093430450}" = Microsoft Security Client "{728985C5-A04B-457C-9D62-15360F3EAF85}" = Intel® WiDi "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Security Client" = System Center 2012 Endpoint Protection "OnScreenDisplay" = On Screen Display "Power Management Driver" = Lenovo Power Management Driver "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{1B5BB58F-15F7-4224-A943-7CF354C5BB1C}" = "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91A29166-4E1B-4664-B70B-4C4A3B6B3372}" = Lenovo Screen Reading Optimizer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI "{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4 "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Google Chrome" = Google Chrome "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "VLC media player" = VLC media player 2.0.1 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 3/29/2013 6:41:05 PM | Computer Name = R9K47YN.Rollins.edu | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457, time stamp: 0x50a2f9e3 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00038dc9 Faulting process id: 0x25b0 Faulting application start time: 0x01ce2ccd9189bdba Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: bd09b80f-98c1-11e2-ad98-60d819be0ebd Error - 3/29/2013 6:41:37 PM | Computer Name = R9K47YN.Rollins.edu | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457, time stamp: 0x50a2f9e3 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00038dc9 Faulting process id: 0x5584 Faulting application start time: 0x01ce2cce81b04533 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: d08f00a1-98c1-11e2-ad98-60d819be0ebd Error - 3/31/2013 4:09:11 PM | Computer Name = R9K47YN.Rollins.edu | Source = WinMgmt | ID = 10 Description = Error - 4/1/2013 6:48:29 AM | Computer Name = R9K47YN.Rollins.edu | Source = WinMgmt | ID = 10 Description = Error - 4/1/2013 10:21:51 AM | Computer Name = R9K47YN.Rollins.edu | Source = WinMgmt | ID = 10 Description = Error - 4/1/2013 11:07:04 AM | Computer Name = R9K47YN.Rollins.edu | Source = WinMgmt | ID = 10 Description = Error - 4/1/2013 3:24:38 PM | Computer Name = R9K47YN.Rollins.edu | Source = WinMgmt | ID = 10 Description = Error - 4/1/2013 4:22:10 PM | Computer Name = R9K47YN.Rollins.edu | Source = Application Error | ID = 1000 Description = Faulting application name: jre-7u17-windows-i586-iftw.exe, version: 7.0.170.2, time stamp: 0x5130bc23 Faulting module name: JavaIC.dll, version: 1.2.0.0, time stamp: 0x503c027e Exception code: 0xc0000417 Fault offset: 0x0000534b Faulting process id: 0x4ec Faulting application start time: 0x01ce2f168a332cf3 Faulting application path: C:\Users\JEISEN~1\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe Faulting module path: C:\Users\JEISEN~1\AppData\Local\Temp\JavaIC.dll Report Id: d42fa273-9b09-11e2-85fd-60d819be0ebd Error - 4/3/2013 8:47:34 AM | Computer Name = R9K47YN.Rollins.edu | Source = WinMgmt | ID = 10 Description = Error - 4/3/2013 12:03:38 PM | Computer Name = R9K47YN.Rollins.edu | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 4/1/2013 10:21:50 AM | Computer Name = R9K47YN.Rollins.edu | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain ROLLINS due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 4/1/2013 11:07:02 AM | Computer Name = R9K47YN.Rollins.edu | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain ROLLINS due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 4/1/2013 11:11:49 AM | Computer Name = R9K47YN.Rollins.edu | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 4/1/2013 11:12:51 AM | Computer Name = R9K47YN.Rollins.edu | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 4/1/2013 3:22:31 PM | Computer Name = R9K47YN.Rollins.edu | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error - 4/1/2013 3:24:36 PM | Computer Name = R9K47YN.Rollins.edu | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain ROLLINS due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 4/3/2013 8:47:32 AM | Computer Name = R9K47YN.Rollins.edu | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain ROLLINS due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error - 4/3/2013 8:47:44 AM | Computer Name = R9K47YN.Rollins.edu | Source = Microsoft Antimalware | ID = 3002 Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 Error - 4/3/2013 12:01:41 PM | Computer Name = R9K47YN.Rollins.edu | Source = Service Control Manager | ID = 7034 Description = The On Screen Display service terminated unexpectedly. It has done this 1 time(s). Error - 4/3/2013 12:03:37 PM | Computer Name = R9K47YN.Rollins.edu | Source = NETLOGON | ID = 5719 Description = This computer was not able to set up a secure session with a domain controller in domain ROLLINS due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. < End of report >

I ran and restarted it. I forgot to mention though, I had to originally run malwarebytes from the actual administrator account since I didn't have his login info for his machine. It had found some other items as well. Here is the attached log file: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.04.01.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Administrator :: R9K47YN [administrator] 4/1/2013 10:51:57 AM mbam-log-2013-04-01 (10-51-57).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 357702 Time elapsed: 10 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\jeisenbarth\AppData\Local\Temp\DD31.tmp (Trojan.Ransom.WL) -> Quarantined and deleted successfully. C:\Users\jeisenbarth\AppData\Roaming\id.cff (Trojan.Ransom.WL) -> Quarantined and deleted successfully. (end)

Hi, Here is the log for malwarebytes Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.04.01.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 jeisenbarth :: R9K47YN [administrator] 4/1/2013 4:23:27 PM mbam-log-2013-04-01 (16-23-27).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 361500 Time elapsed: 9 minute(s), 45 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Hijack.Shell.Gen) -> Data: C:\Users\jeisenbarth\AppData\Roaming\id.cff,explorer.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) and here is the eset scan C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined C:\Users\jeisenbarth\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\666a625e-65cb1520 a variant of Java/Exploit.CVE-2013-0431.I trojan cleaned by deleting - quarantined C:\Users\jeisenbarth\Documents\Downloads\iLividSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined C:\Users\jeisenbarth\Pictures\Danielle\MyFunCardsSetup2.3.50.57.SA.HP.ZUfox000.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined System Center 2012 Endpoint protection also found something that it removed on the full scan: Items: file:C:\Users\jeisenbarth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJQNW44G\q[1].htm

Hi, A friend gave me their computer to try and clean. I ran malwarebytes and it found a hijack.shell.gen infection. I also had run an eset scan and endpoint protection scans and have found various things. I'd like to make sure this machine is clean before I give it back. Here are the ddr log files. dds.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16464 Run by JEISENBARTH at 11:09:16 on 2013-04-03 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3978.2313 [GMT -4:00] . AV: System Center 2012 Endpoint Protection *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: System Center 2012 Endpoint Protection *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe C:\Windows\system32\CxAudMsg64.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\svchost.exe -k regsvc C:\Windows\SysWOW64\SAsrv.exe C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\SearchIndexer.exe C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe C:\Windows\system32\rundll32.exe C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE C:\Windows\system32\Dwm.exe C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\System32\TpShocks.exe C:\Program Files\CONEXANT\ForteConfig\fmapp.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe C:\Windows\system32\wbem\unsecapp.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Program Files\Microsoft Security Client\msseces.exe c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe C:\Windows\TEMP\fsprocsvc.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://r-net.rollins.edu/ uDefault_Page_URL = hxxp://r-net.rollins.edu BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableInstallerDetection = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab TCP: NameServer = 10.20.1.10 10.20.1.20 TCP: Interfaces\{0C4FE41A-0115-49D1-B72D-3727B5B9C211} : DHCPNameServer = 10.20.1.10 10.20.1.20 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [TpShocks] TpShocks.exe x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2013-1-23 29512] R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-1-3 16152] R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2012-9-6 25448] R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2012-6-4 15472] R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-10-5 189424] R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2013-1-23 198784] R2 fsprocsvc;ForeScout Remote Inspection Service;C:\Windows\temp\fsprocsvc.exe [2013-4-1 196736] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-6-4 101736] R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-6-4 133992] R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2013-1-3 101888] R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?] R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2013-1-23 446800] R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-6-4 145256] R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-6-4 142696] R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232] R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2013-1-3 166016] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-1-3 342528] R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-4-19 25528] R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-10-5 40832] R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-10-5 84864] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-9-2 288256] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-5-10 97792] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-5-10 217600] R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-1-23 44344] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168] S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2013-1-23 320576] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-4-19 35256] S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2013-1-23 1666112] S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2013-1-23 1665088] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-3 19456] S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2013-1-3 41272] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-3 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-3 30208] . =============== Created Last 30 ================ . 2013-04-03 14:03:09 -------- d-----w- C:\Program Files (x86)\ESET 2013-04-03 13:06:20 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{33AD8A3F-7FF9-4992-81B1-B309EBCB5789}\offreg.dll 2013-04-03 13:01:03 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE8F0298-4402-48A0-B917-306DCF2C0F28}\gapaengine.dll 2013-04-03 13:01:00 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{33AD8A3F-7FF9-4992-81B1-B309EBCB5789}\mpengine.dll 2013-04-03 13:00:22 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2013-04-03 13:00:21 -------- d-----w- C:\Program Files\Microsoft Security Client 2013-04-02 02:25:45 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-04-02 02:25:44 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-04-02 02:25:43 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-04-02 02:24:18 750592 ----a-w- C:\Windows\System32\win32spl.dll 2013-04-02 02:24:18 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-04-02 02:20:17 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-04-02 02:15:37 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2013-04-02 02:15:37 1882624 ----a-w- C:\Windows\System32\msxml3.dll 2013-04-02 02:15:37 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2013-04-02 02:15:37 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2013-04-02 02:15:11 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-04-02 02:15:11 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-04-02 02:12:43 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2013-04-02 02:12:43 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2013-04-02 02:11:04 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-04-02 02:11:04 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-04-02 02:11:04 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-04-02 02:11:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-04-02 02:11:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-04-02 02:11:03 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-04-02 02:09:14 800768 ----a-w- C:\Windows\System32\usp10.dll 2013-04-02 02:09:14 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2013-04-02 02:08:16 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-04-02 02:08:16 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-04-02 02:06:59 441856 ----a-w- C:\Windows\System32\Wpc.dll 2013-04-02 02:06:59 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2013-04-02 02:06:20 46080 ----a-w- C:\Windows\System32\atmlib.dll 2013-04-02 02:06:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2013-04-02 02:06:19 367616 ----a-w- C:\Windows\System32\atmfd.dll 2013-04-02 02:06:19 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2013-04-02 02:02:54 294912 ----a-w- C:\Windows\System32\browserchoice.exe 2013-04-02 02:02:33 68608 ----a-w- C:\Windows\System32\taskhost.exe 2013-04-01 20:23:06 -------- d-----w- C:\Users\jeisenbarth\AppData\Roaming\Malwarebytes 2013-04-01 19:57:18 -------- d-sh--w- C:\$RECYCLE.BIN 2013-04-01 15:13:51 -------- d-----w- C:\Users\jeisenbarth\AppData\Local\temp 2013-04-01 15:10:07 98816 ----a-w- C:\Windows\sed.exe 2013-04-01 15:10:07 256000 ----a-w- C:\Windows\PEV.exe 2013-04-01 15:10:07 208896 ----a-w- C:\Windows\MBR.exe 2013-04-01 14:51:17 -------- d-----w- C:\ProgramData\Malwarebytes 2013-04-01 14:51:16 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-04-01 14:51:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-03-31 19:55:53 -------- d-----w- C:\ProgramData\esy . ==================== Find3M ==================== . 2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe 2013-03-13 14:30:20 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 14:30:20 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll 2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll 2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll 2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll 2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll 2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll 2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll 2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll 2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll 2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll 2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll 2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll 2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll 2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll 2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll 2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll 2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll 2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll 2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll 2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll 2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll 2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-01-03 18:11:39 916456 ----a-w- C:\Windows\System32\deployJava1.dll 2013-01-03 18:11:39 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-01-03 18:11:33 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-01-03 18:11:33 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll . ============= FINISH: 11:09:24.18 =============== attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 1/3/2013 11:33:10 AM System Uptime: 4/3/2013 8:47:17 AM (3 hours ago) . Motherboard: LENOVO | | 4174WDC Processor: Intel® Core i5-2520M CPU @ 2.50GHz | CPU | 2501/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 119 GiB total, 77.958 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI Conexant 20672 SmartAudio HD Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dolby Home Theater v4 Google Chrome Google Update Helper Intel PROSet Wireless Intel® Processor Graphics Intel® WiDi Intel® Wireless Display Intel® PROSet/Wireless WiFi Software Lenovo Auto Scroll Utility Lenovo Patch Utility Lenovo Patch Utility 64 bit Lenovo Power Management Driver Lenovo Screen Reading Optimizer Lenovo System Interface Driver Lenovo System Update Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Antimalware Microsoft Forefront Endpoint Protection 2010 Server Management Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Security Client Microsoft Silverlight Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 On Screen Display Power Manager Renesas Electronics USB 3.0 Host Controller Driver RICOH_Media_Driver_v2.14.18.01 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Skype™ 6.1 System Center 2012 Endpoint Protection ThinkPad FullScreen Magnifier ThinkPad UltraNav Driver ThinkPad UltraNav Utility ThinkVantage Active Protection System Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VLC media player 2.0.1 . ==== Event Viewer Messages From Past Week ======== . 4/3/2013 8:47:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/3/2013 8:47:32 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain ROLLINS due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. 4/1/2013 3:22:31 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. 4/1/2013 11:12:51 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 3/31/2013 2:03:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.781.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/31/2013 10:03:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.781.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/31/2013 1:52:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.773.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/30/2013 6:03:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.759.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/30/2013 2:03:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.746.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/30/2013 10:03:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.746.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/30/2013 1:52:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.724.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/29/2013 6:03:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.712.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/29/2013 2:03:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.700.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/29/2013 10:03:48 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.700.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/29/2013 1:52:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.663.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/28/2013 6:03:46 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.651.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/28/2013 2:03:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.626.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/28/2013 10:03:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.626.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/28/2013 1:52:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.594.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/27/2013 6:03:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.578.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/27/2013 2:03:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.552.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/27/2013 10:03:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.552.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/27/2013 1:52:12 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.515.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. . ==== End Of File =========================== Thanks for your help,

Everything looks good. Thanks so much!

Heres the scan, it did find 1 thing. C:\Users\zteymuroglu\AppData\Local\Mozilla\xrjhbhnr.dll a variant of Win32/Boaxxe.P.Gen trojan

here it is: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.19.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ZTEYMUROGLU :: R98TL30 [administrator] 3/19/2013 2:30:56 PM mbam-log-2013-03-19 (14-30-56).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 280537 Time elapsed: 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:37:14 PM, on 3/19/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16464) Boot mode: Normal Running processes: C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Users\zteymuroglu\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\zteymuroglu\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing) O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - Startup: Dropbox.lnk = C:\Users\zteymuroglu\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Bluetooth.lnk = ? O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA} - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - http://kronos.rollins.edu/wfcstatic/plugins/jre-6u17-windows-i586.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Rollins.edu O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Rollins.edu O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Rollins.edu O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\Oracle\product\11.2.0\client_1\bin\omtsreco.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ForeScout SecureConnector Service (SecureConnector) - Unknown owner - C:\Program Files (x86)\ForeScout SecureConnector\SecureConnector.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 8579 bytes It seems to be running alright. Everything went pretty smooth so far.

new log: ComboFix 13-03-19.01 - ZTEYMUROGLU 03/19/2013 12:46:39.7.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3892.2140 [GMT -4:00] Running from: c:\users\zteymuroglu\Desktop\ComboFix.exe Command switches used :: c:\users\zteymuroglu\Desktop\CFScript.txt AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . FILE :: "c:\windows\system32\drivers\bssgxacd.sys" "c:\windows\system32\drivers\dilzymog.sys" "c:\windows\system32\drivers\dnqjshpf.sys" "c:\windows\system32\drivers\drcdqzzz.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_bssgxacd -------\Service_dilzymog -------\Service_dnqjshpf -------\Service_drcdqzzz . . ((((((((((((((((((((((((( Files Created from 2013-02-19 to 2013-03-19 ))))))))))))))))))))))))))))))) . . 2013-03-19 16:50 . 2013-03-19 16:50 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1DA1E69-EA17-4C0E-A828-274C382B0837}\offreg.dll 2013-03-19 16:49 . 2013-03-19 16:49 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-03-19 16:49 . 2013-03-19 16:49 -------- d-----w- c:\users\Helpdesk\AppData\Local\temp 2013-03-19 16:49 . 2013-03-19 16:49 -------- d-----w- c:\users\helpdesk.ROLLINS\AppData\Local\temp 2013-03-19 16:49 . 2013-03-19 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-19 16:49 . 2013-03-19 16:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-03-18 20:31 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1DA1E69-EA17-4C0E-A828-274C382B0837}\mpengine.dll 2013-03-18 18:58 . 2013-03-18 18:58 388096 ----a-r- c:\users\zteymuroglu\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-03-18 18:58 . 2013-03-18 18:58 -------- d-----w- c:\program files (x86)\Trend Micro 2013-03-11 19:59 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-11 19:59 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-11 19:59 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-11 19:58 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-03-11 19:55 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-11 19:55 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-11 19:54 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-03-11 19:54 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-03-11 19:54 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-03-11 19:54 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-03-11 19:54 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-03-11 19:54 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-03-11 19:54 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-03-11 19:54 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-03-11 19:02 . 2013-03-11 19:08 -------- d-----w- C:\TDSSKiller_Quarantine 2013-03-11 02:00 . 2013-03-11 02:00 -------- d-----w- c:\users\zteymuroglu\AppData\Local\Programs 2013-02-26 20:19 . 2013-03-19 16:44 -------- d-----w- c:\program files (x86)\ForeScout SecureConnector . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-12 20:39 . 2012-06-03 04:18 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-12 20:39 . 2011-06-14 14:07 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-11 19:56 . 2011-06-14 14:18 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-02-08 00:28 . 2013-01-24 00:36 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 2013-03-11 19:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2011-06-14 91520] . c:\users\zteymuroglu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-6-13 1090848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableInstallerDetection"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2011-06-14 138576] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-06-14 54824] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704] R3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-10-05 40832] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-10-05 84864] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-09-02 288256] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-14 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992] S2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;c:\windows\system32\DRIVERS\ndiscdp.sys [2011-06-14 29248] S2 SecureConnector;ForeScout SecureConnector Service;c:\program files (x86)\ForeScout SecureConnector\SecureConnector.exe [2013-03-01 1474616] S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256] S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-05-23 167040] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2011-06-14 295600] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-29 151936] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] . . Contents of the 'Scheduled Tasks' folder . 2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 20:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SASSystemPrep"="e:\sas\SAS Software Depot\setup.exe" [bU] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-31 416024] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-31 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-31 392472] "MSC"="c:\program files\Microsoft Security Client\Antimalware\mssecex.exe" [bU] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SYSTEM32\blank.htm TCP: DhcpNameServer = 10.20.1.10 10.20.1.20 FF - ProfilePath - c:\users\zteymuroglu\AppData\Roaming\Mozilla\Firefox\Profiles\rv4kyfu2.default\ FF - ExtSQL: 2013-01-22 10:40; {b7bb8f56-4cbe-492d-9a81-af48c5357c1c}; c:\users\zteymuroglu\AppData\Roaming\Mozilla\Firefox\Profiles\rv4kyfu2.default\extensions\{b7bb8f56-4cbe-492d-9a81-af48c5357c1c}.xpi . - - - - ORPHANS REMOVED - - - - . AddRemove-HijackThis - e:\hijackthis\HijackThis.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54, 06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:62,5f,a4,44,cc,15,ce,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}] @Denied: (A) (Everyone) "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0] "Key"="ActionsPane" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\oracle\product\11.2.0\client_1\bin\omtsreco.exe c:\program files\LENOVO\HOTKEY\tposdsvc.exe c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\program files\Lenovo\Zoom\TpScrex.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe . ************************************************************************** . Completion time: 2013-03-19 12:51:32 - machine was rebooted ComboFix-quarantined-files.txt 2013-03-19 16:51 ComboFix2.txt 2013-03-19 16:04 ComboFix3.txt 2013-03-18 20:20 ComboFix4.txt 2013-03-11 19:16 ComboFix5.txt 2013-03-19 16:45 . Pre-Run: 48,088,662,016 bytes free Post-Run: 47,848,251,392 bytes free . - - End Of File - - 8E62AB084905E5A12E1E85C2DB21F12A I had to restart after combofix's restart because it kept saying illegal operation, etc etc. Still not seeing any redirects. How's the log look?

Here is the log: ComboFix 13-03-19.01 - ZTEYMUROGLU 03/19/2013 12:00:11.6.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3892.2424 [GMT -4:00] Running from: c:\users\zteymuroglu\Desktop\ComboFix.exe AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2013-02-19 to 2013-03-19 ))))))))))))))))))))))))))))))) . . 2013-03-19 16:02 . 2013-03-19 16:02 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-03-19 16:02 . 2013-03-19 16:02 -------- d-----w- c:\users\Helpdesk\AppData\Local\temp 2013-03-19 16:02 . 2013-03-19 16:02 -------- d-----w- c:\users\helpdesk.ROLLINS\AppData\Local\temp 2013-03-19 16:02 . 2013-03-19 16:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-19 16:02 . 2013-03-19 16:02 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-03-19 14:27 . 2013-03-19 14:27 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1DA1E69-EA17-4C0E-A828-274C382B0837}\offreg.dll 2013-03-18 20:31 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1DA1E69-EA17-4C0E-A828-274C382B0837}\mpengine.dll 2013-03-18 18:58 . 2013-03-18 18:58 388096 ----a-r- c:\users\zteymuroglu\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-03-18 18:58 . 2013-03-18 18:58 -------- d-----w- c:\program files (x86)\Trend Micro 2013-03-11 19:59 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-11 19:59 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-11 19:59 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-11 19:58 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-03-11 19:55 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-11 19:55 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-11 19:54 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-03-11 19:54 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-03-11 19:54 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-03-11 19:54 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-03-11 19:54 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-03-11 19:54 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-03-11 19:54 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-03-11 19:54 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-03-11 19:02 . 2013-03-11 19:08 -------- d-----w- C:\TDSSKiller_Quarantine 2013-03-11 02:00 . 2013-03-11 02:00 -------- d-----w- c:\users\zteymuroglu\AppData\Local\Programs 2013-02-26 20:19 . 2013-03-19 15:56 -------- d-----w- c:\program files (x86)\ForeScout SecureConnector . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-12 20:39 . 2012-06-03 04:18 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-12 20:39 . 2011-06-14 14:07 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-11 19:56 . 2011-06-14 14:18 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-02-08 00:28 . 2013-01-24 00:36 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 2013-03-11 19:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2011-06-14 91520] . c:\users\zteymuroglu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-6-13 1090848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableInstallerDetection"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 bssgxacd;bssgxacd;c:\windows\system32\drivers\bssgxacd.sys [x] R1 dilzymog;dilzymog;c:\windows\system32\drivers\dilzymog.sys [x] R1 dnqjshpf;dnqjshpf;c:\windows\system32\drivers\dnqjshpf.sys [x] R1 drcdqzzz;drcdqzzz;c:\windows\system32\drivers\drcdqzzz.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2011-06-14 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-06-14 54824] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704] R3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-10-05 84864] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-09-02 288256] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-14 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992] S2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;c:\windows\system32\DRIVERS\ndiscdp.sys [2011-06-14 29248] S2 SecureConnector;ForeScout SecureConnector Service;c:\program files (x86)\ForeScout SecureConnector\SecureConnector.exe [2013-03-01 1474616] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256] S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-05-23 167040] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2011-06-14 295600] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-29 151936] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-10-05 40832] . . Contents of the 'Scheduled Tasks' folder . 2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-03 20:39] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\zteymuroglu\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SASSystemPrep"="e:\sas\SAS Software Depot\setup.exe" [bU] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-31 416024] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-31 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-31 392472] "MSC"="c:\program files\Microsoft Security Client\Antimalware\mssecex.exe" [bU] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SYSTEM32\blank.htm TCP: DhcpNameServer = 10.20.1.10 10.20.1.20 FF - ProfilePath - c:\users\zteymuroglu\AppData\Roaming\Mozilla\Firefox\Profiles\rv4kyfu2.default\ FF - ExtSQL: 2013-01-22 10:40; {b7bb8f56-4cbe-492d-9a81-af48c5357c1c}; c:\users\zteymuroglu\AppData\Roaming\Mozilla\Firefox\Profiles\rv4kyfu2.default\extensions\{b7bb8f56-4cbe-492d-9a81-af48c5357c1c}.xpi . - - - - ORPHANS REMOVED - - - - . AddRemove-HijackThis - e:\hijackthis\HijackThis.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54, 06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:62,5f,a4,44,cc,15,ce,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}] @Denied: (A) (Everyone) "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0] "Key"="ActionsPane" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-19 12:04:15 ComboFix-quarantined-files.txt 2013-03-19 16:04 ComboFix2.txt 2013-03-18 20:20 ComboFix3.txt 2013-03-11 19:16 ComboFix4.txt 2013-01-08 20:32 ComboFix5.txt 2013-03-19 15:59 . Pre-Run: 47,943,602,176 bytes free Post-Run: 48,022,315,008 bytes free . - - End Of File - - DEB9E556F008F76E8B1561C0BBD178DE I don't seem to be getting the redirects anymore. How are the logs looking?

Here are the different logs: checkup.txt Results of screen317's Security Check version 0.99.61 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Forefront Endpoint Protection 2010 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 SAS/SECURE Java 9.2 SAS/Graph Java Applets for 9.2 Java 6 Update 24 Java 6 Update 32 Java SE Development Kit 6 Update 25 Java version out of Date! Adobe Flash Player 11.6.602.180 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox 18.0.2 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Microsoft Security Client Antimalware MsMpEng.exe Microsoft Security Client Antimalware NisSrv.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` adwcleaner # AdwCleaner v2.115 - Logfile created 03/19/2013 at 10:26:21 # Updated 17/03/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : ZTEYMUROGLU - R98TL30 # Boot Mode : Normal # Running from : C:\Users\zteymuroglu\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\0cb720d8b1f8db581667978db7c27210 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1d8476e4fcca11dab0f6f685d746a93a Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ebbeb34fcc311dab0f6f685d746a93a Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2ebaa88b7b64182e4af82897354182ce Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\36ac3ae4fcc511dab0f6f685d746a93a Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4835c259d88f3adc046d62a97265ec17 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6c9075daf71d67d7dbe217e499cafb71 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\886ab92c4a6c74a46b96872becbd77fd Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8d3018ac1115bc56200761861bf27a01 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8e3b1da4b72dd31027a907ea7fd04de5-1176937533 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c36effd50786536bc7c5e5402f910e57 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d512c678901db9d321c85ecf7c30ae2e Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daf6f5b4d3e711daa10efbdcebaa7b67 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e6d1697afcc611dab0f6f685d746a93a Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f4455823dea0ac0f8dafa9940d5d90ee Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\febb569a337f725f5f8607711f665d3b Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Registry is clean. -\\ Mozilla Firefox v18.0.2 (en-US) File : C:\Users\zteymuroglu\AppData\Roaming\Mozilla\Firefox\Profiles\rv4kyfu2.default\prefs.js C:\Users\zteymuroglu\AppData\Roaming\Mozilla\Firefox\Profiles\rv4kyfu2.default\user.js ... Deleted ! [OK] File is clean. ************************* AdwCleaner[s1].txt - [2958 octets] - [19/03/2013 10:26:21] ########## EOF - C:\AdwCleaner[s1].txt - [3018 octets] ######### # I had two rkreports on my desktop (1 and 2). here's the first: RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : ZTEYMUROGLU [Admin rights] Mode : Scan -- Date : 03/19/2013 10:28:46 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FOLDER] U : C:\Windows\Installer\{17a02602-a5cc-851a-dc9c-166109a56bfc}\U --> FOUND [ZeroAccess][FOLDER] L : C:\Windows\Installer\{17a02602-a5cc-851a-dc9c-166109a56bfc}\L --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA THNS128GG4BAAA-N +++++ --- User --- [MBR] 6ce4ad28c7c9403cc64639497a63b02d [bSP] 17a577710fd4512897ed86a8e536c4ae : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_03192013_02d1028.txt >> RKreport[1]_S_03192013_02d1028.txt and the 2nd: RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : ZTEYMUROGLU [Admin rights] Mode : Remove -- Date : 03/19/2013 10:29:44 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{17a02602-a5cc-851a-dc9c-166109a56bfc}\U --> REMOVED [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{17a02602-a5cc-851a-dc9c-166109a56bfc}\L\00000004.@ [-] --> REMOVED [Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{17a02602-a5cc-851a-dc9c-166109a56bfc}\L\201d3dde [-] --> REMOVED [Del.Parent][FILE] 55490ac4 : C:\Windows\Installer\{17a02602-a5cc-851a-dc9c-166109a56bfc}\L\55490ac4 [-] --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{17a02602-a5cc-851a-dc9c-166109a56bfc}\L --> REMOVED ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA THNS128GG4BAAA-N +++++ --- User --- [MBR] 6ce4ad28c7c9403cc64639497a63b02d [bSP] 17a577710fd4512897ed86a8e536c4ae : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_03192013_02d1029.txt >> RKreport[1]_S_03192013_02d1028.txt ; RKreport[2]_D_03192013_02d1029.txt

Hi, I've gotten some infections and I've run malwarebytes and System Center 2012 Endpoint protection. They've found some items and are now scanning as clean, but I'm still getting google redirects in IE. Here are the logs: DDS.TXT DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_32 Run by ZTEYMUROGLU at 16:27:16 on 2013-03-18 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3892.2139 [GMT -4:00] . AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe C:\Oracle\product\11.2.0\client_1\bin\omtsreco.exe C:\Windows\system32\taskhost.exe C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe C:\Windows\system32\Dwm.exe C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Windows\Explorer.EXE C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Windows\System32\igfxpers.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\rundll32.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\svchost.exe -k regsvc C:\Program Files (x86)\ForeScout SecureConnector\SecureConnector.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\SysWOW64\rundll32.exe C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\ForeScout SecureConnector\SecureConnector.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ForeScout SecureConnector\SecureConnector.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices StartupFolder: C:\Users\ZTEYMU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\zteymuroglu\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableInstallerDetection = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab DPF: {CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - hxxp://kronos.rollins.edu/wfcstatic/plugins/jre-6u17-windows-i586.exe DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 10.20.1.10 10.20.1.20 TCP: Interfaces\{33B4C1D6-C431-454E-B1DB-41AA1DC9CF31} : DHCPNameServer = 10.20.1.10 10.20.1.20 TCP: Interfaces\{33B4C1D6-C431-454E-B1DB-41AA1DC9CF31}\442757E6B656E602D4F6E6B656970234F66666565602826627565692 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{33B4C1D6-C431-454E-B1DB-41AA1DC9CF31}\7556374796E6D456564796E67625F6F6D637 : DHCPNameServer = 74.10.105.233 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [sASSystemPrep] E:\SAS\SAS Software Depot\setup.exe -lang en -order 99L1WP x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\Antimalware\mssecex.exe" -hide -runkey x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\zteymuroglu\AppData\Roaming\Mozilla\Firefox\Profiles\rv4kyfu2.default\ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-01-22 10:40; {b7bb8f56-4cbe-492d-9a81-af48c5357c1c}; C:\Users\zteymuroglu\AppData\Roaming\Mozilla\Firefox\Profiles\rv4kyfu2.default\extensions\{b7bb8f56-4cbe-492d-9a81-af48c5357c1c}.xpi . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . ============= SERVICES / DRIVERS =============== . R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2012-5-17 15472] R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-10-5 189424] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-16 13336] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-5-17 101736] R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-5-17 133992] R2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;C:\Windows\System32\drivers\Ndiscdp.sys [2011-6-14 29248] R2 SecureConnector;ForeScout SecureConnector Service;C:\Program Files (x86)\ForeScout SecureConnector\SecureConnector.exe -service --> C:\Program Files (x86)\ForeScout SecureConnector\SecureConnector.exe -service [?] R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-5-17 145256] R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-5-17 142696] R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2012-5-17 167040] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-4-7 35104] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2010-11-19 295600] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-5-17 151936] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-17 317440] R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-10-5 40832] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-8 54824] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704] S3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-10-5 84864] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-9-2 288256] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-8 19456] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-8 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-14 1255736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] . =============== Created Last 30 ================ . 2013-03-18 20:15:20 -------- d-----w- C:\ComboFix 2013-03-18 19:08:35 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59F85779-796F-4A10-8AF7-4B5AE9317E61}\offreg.dll 2013-03-18 18:58:29 388096 ----a-r- C:\Users\zteymuroglu\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-03-18 18:58:29 -------- d-----w- C:\Program Files (x86)\Trend Micro 2013-03-17 22:19:40 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59F85779-796F-4A10-8AF7-4B5AE9317E61}\mpengine.dll 2013-03-11 19:59:06 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-03-11 19:59:05 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-11 19:59:05 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-11 19:58:07 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-03-11 19:55:02 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-11 19:55:02 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-11 19:54:34 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-03-11 19:54:34 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-03-11 19:54:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-03-11 19:54:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-03-11 19:54:33 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-03-11 19:54:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-03-11 19:54:15 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-03-11 19:54:15 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-03-11 19:02:15 -------- d-----w- C:\TDSSKiller_Quarantine 2013-03-11 02:00:41 -------- d-----w- C:\Users\zteymuroglu\AppData\Local\Programs 2013-02-26 20:19:27 -------- d-----w- C:\Program Files (x86)\ForeScout SecureConnector . ==================== Find3M ==================== . 2013-03-12 20:39:36 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-12 20:39:36 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe 2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll 2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll 2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll 2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll 2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll 2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll 2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll 2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll 2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll 2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll 2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll 2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll 2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll 2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll 2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll 2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll 2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll 2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll 2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll 2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll 2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll 2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll . ============= FINISH: 16:27:23.63 =============== attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 5/16/2012 4:43:35 PM System Uptime: 3/18/2013 3:08:23 PM (1 hours ago) . Motherboard: LENOVO | | 2912BE7 Processor: Intel® Core i5 CPU M 520 @ 2.40GHz | None | 2400/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 119 GiB total, 44.822 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.6) Cisco Unified Personal Communicator Conexant 20585 SmartAudio HD Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dropbox Gephi 0.8.1 HiJackThis HijackThis 2.0.0 Integrated Camera Driver Installer Package Ver.1.1.0.48 Intel PROSet Wireless Intel® Control Center Intel® Processor Graphics Intel® PROSet/Wireless WiFi Software Intel® Rapid Storage Technology J2SE Runtime Environment 5.0 Update 12 J2SE Runtime Environment 5.0 Update 15 Java Auto Updater Java 6 Update 24 Java 6 Update 32 Java SE Development Kit 6 Update 25 KONICA MINOLTA 423Series KONICA MINOLTA bizhub 501/421/361 Lenovo Auto Scroll Utility Lenovo Patch Utility Lenovo Patch Utility 64 bit Lenovo System Interface Driver Lenovo System Update Malwarebytes Anti-Malware version 1.70.0.1100 MATLAB R2009b Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Antimalware Microsoft Forefront Endpoint Protection 2010 Server Management Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access database engine 2007 (English) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Security Client Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft WSE 3.0 Runtime MiKTeX 2.9 Mozilla Firefox 18.0.2 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) On Screen Display R for Windows 2.15.0 SAS 9.2 (32) SAS 9.3 SAS Client Connection Profile Configuration 9.2 SAS Deployment Tester - Client 1.3 SAS Deployment Tester - Server 1.3 SAS Deployment Tester 1.3 for SAS Management Console SAS Download Manager 1.43 SAS Drivers for JDBC 9.2 SAS Enterprise Guide 4.3 SAS Help Viewer for the Web SAS Intelligence Platform Object Framework 9.2 SAS Locale Setup Manager 2.1 SAS Management Console 9.2 SAS Versioned Jar Repository 9.2 SAS Web Application Themes 9.2 SAS Web Infrastructure Client 4.2 SAS Web Infrastructure Platform 9.2 SAS/Graph Java Applets for 9.2 SAS/SECURE Java 9.2 Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Skype™ 6.0 System Center 2012 Endpoint Protection TeXnicCenter Version 1.0 Stable RC1 ThinkPad Bluetooth with Enhanced Data Rate Software ThinkPad FullScreen Magnifier ThinkPad Power Management Driver ThinkPad UltraNav Driver ThinkPad UltraNav Utility UCINET 6 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Visual Studio 2005 Tools for Office Second Edition Runtime VLC media player 1.1.10 Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) WinEdt WinEdt 6 Yahoo! Messenger Yahoo! Software Update . ==== Event Viewer Messages From Past Week ======== . 3/18/2013 9:26:59 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. 3/18/2013 4:19:13 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 3/18/2013 3:08:32 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain ROLLINS due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. 3/18/2013 3:08:31 PM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified. 3/18/2013 3:06:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 3/18/2013 3:05:59 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21 3/18/2013 3:05:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 3/18/2013 3:05:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 3/18/2013 3:05:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 3/18/2013 3:05:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 3/18/2013 3:05:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache lenovo.smi MpFilter spldr Wanarpv6 3/17/2013 6:18:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1995.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/17/2013 11:48:12 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user ROLLINS\ZTEYMUROGLU SID (S-1-5-21-2645849277-2867965597-2545153330-7969) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 3/16/2013 6:06:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1873.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/15/2013 8:15:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1753.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/14/2013 3:18:44 PM, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\Rollins.edu\SysVol\Rollins.edu\Policies\{F8F24D3C-58AC-4D50-82EB-6D7780CF8F5D}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled. 3/13/2013 10:43:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1655.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/12/2013 3:25:58 PM, Error: Microsoft-Windows-GroupPolicy [1006] - The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description. 3/12/2013 10:23:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1483.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/11/2013 3:14:29 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 3/11/2013 3:13:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1483.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/11/2013 3:13:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.145.1483.0 Update Source: Internal Definition Update Server Update Stage: Search Source Path: http://keymaster:8530 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 3/11/2013 3:03:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the OracleMTSRecoveryService service to connect. 3/11/2013 3:03:26 PM, Error: Service Control Manager [7000] - The OracleMTSRecoveryService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/11/2013 1:55:14 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control. . ==== End Of File ===========================

thanks again!

fully updated now. Any other scans or logs to run?

done. Are there any other scans you'd like me to run?

Symantec scan came back with trojan.maljava and downloader. It deleted them, but what else can I do? The locations were in application data\sun\java\deployment\cache\6.0\60 and \cache\6.0\1

underneath my profile's local settings/temp folder. I had everything un-hidden and didn't see anything. I'm currently running another symantec scan to see if that pops up anything.

So...I spoke to soon. Symantec popped up with another warning. I haven't touched the machine since I was given the all-clear, but it just warned me about trojan.gen.2 again. It logged it only, but when i went to the location where it was supposed to be there wasn't anything there. When I tell symantec to quarantine it it can't because the file has been moved, deleted, etc. What else can we check? ~T

thanks so much!

Here is the log. The computer seems normal, haven't received any further notifications from symantec. 2010/12/26 19:26:05.0421 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46 2010/12/26 19:26:05.0421 ================================================================================ 2010/12/26 19:26:05.0421 SystemInfo: 2010/12/26 19:26:05.0421 2010/12/26 19:26:05.0421 OS Version: 5.1.2600 ServicePack: 3.0 2010/12/26 19:26:05.0421 Product type: Workstation 2010/12/26 19:26:05.0421 ComputerName: R96NALB 2010/12/26 19:26:05.0421 UserName: TLECHLER 2010/12/26 19:26:05.0421 Windows directory: C:\WINDOWS 2010/12/26 19:26:05.0421 System windows directory: C:\WINDOWS 2010/12/26 19:26:05.0421 Processor architecture: Intel x86 2010/12/26 19:26:05.0421 Number of processors: 4 2010/12/26 19:26:05.0421 Page size: 0x1000 2010/12/26 19:26:05.0421 Boot type: Normal boot 2010/12/26 19:26:05.0421 ================================================================================ 2010/12/26 19:26:05.0562 Initialize success 2010/12/26 19:26:30.0265 ================================================================================ 2010/12/26 19:26:30.0265 Scan started 2010/12/26 19:26:30.0265 Mode: Manual; 2010/12/26 19:26:30.0265 ================================================================================ 2010/12/26 19:26:30.0343 5U877 (5e67a474cbc887daf0ddd343f6f7fea0) C:\WINDOWS\system32\DRIVERS\5U877.sys 2010/12/26 19:26:30.0390 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2010/12/26 19:26:30.0421 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/12/26 19:26:30.0453 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 2010/12/26 19:26:30.0468 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2010/12/26 19:26:30.0500 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/12/26 19:26:30.0531 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2010/12/26 19:26:30.0562 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2010/12/26 19:26:30.0578 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2010/12/26 19:26:30.0609 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2010/12/26 19:26:30.0640 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2010/12/26 19:26:30.0656 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2010/12/26 19:26:30.0687 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2010/12/26 19:26:30.0718 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2010/12/26 19:26:30.0734 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2010/12/26 19:26:30.0765 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2010/12/26 19:26:30.0781 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2010/12/26 19:26:30.0812 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2010/12/26 19:26:30.0828 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2010/12/26 19:26:30.0843 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2010/12/26 19:26:30.0890 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/12/26 19:26:30.0906 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/12/26 19:26:30.0953 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/12/26 19:26:30.0984 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/12/26 19:26:31.0015 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/12/26 19:26:31.0046 BlankScr (0d266f08aed52d9b17b3c61be01dd576) C:\WINDOWS\system32\drivers\BlankScr.sys 2010/12/26 19:26:31.0093 BTKRNL (25c4c2c4a4caeb719d2b534e3e155e0a) C:\WINDOWS\system32\DRIVERS\btkrnl.sys 2010/12/26 19:26:31.0125 BTWUSB (f9b15cfaef98d8117313c6c4215b9eac) C:\WINDOWS\system32\Drivers\btwusb.sys 2010/12/26 19:26:31.0156 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2010/12/26 19:26:31.0187 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/12/26 19:26:31.0218 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2010/12/26 19:26:31.0250 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2010/12/26 19:26:31.0281 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/12/26 19:26:31.0296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/12/26 19:26:31.0312 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/12/26 19:26:31.0375 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2010/12/26 19:26:31.0390 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2010/12/26 19:26:31.0453 CnxtHdAudService (34e172aa5c7abc4146346cd20233ee32) C:\WINDOWS\system32\drivers\CHDAU32.sys 2010/12/26 19:26:31.0500 COH_Mon (a02dc932f3806d29b39ef3114ce00405) C:\WINDOWS\system32\Drivers\COH_Mon.sys 2010/12/26 19:26:31.0531 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2010/12/26 19:26:31.0546 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2010/12/26 19:26:31.0578 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2010/12/26 19:26:31.0609 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2010/12/26 19:26:31.0640 Darpan (566cca06fb1b98dff3e9eea563b6334e) C:\WINDOWS\system32\DRIVERS\Darpan.sys 2010/12/26 19:26:31.0671 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/12/26 19:26:31.0703 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2010/12/26 19:26:31.0734 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2010/12/26 19:26:31.0765 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/12/26 19:26:31.0796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2010/12/26 19:26:31.0812 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2010/12/26 19:26:31.0843 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/12/26 19:26:31.0875 e1kexpress (9f7ae949202f0ef6b17dd3cc5c117ad3) C:\WINDOWS\system32\DRIVERS\e1k5132.sys 2010/12/26 19:26:31.0890 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 2010/12/26 19:26:31.0921 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 2010/12/26 19:26:31.0968 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/12/26 19:26:31.0984 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2010/12/26 19:26:32.0015 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2010/12/26 19:26:32.0031 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2010/12/26 19:26:32.0062 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2010/12/26 19:26:32.0093 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/12/26 19:26:32.0109 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/12/26 19:26:32.0140 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/12/26 19:26:32.0156 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2010/12/26 19:26:32.0187 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys 2010/12/26 19:26:32.0218 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/12/26 19:26:32.0234 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2010/12/26 19:26:32.0265 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/12/26 19:26:32.0296 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2010/12/26 19:26:32.0312 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 2010/12/26 19:26:32.0343 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/12/26 19:26:32.0390 ialm (cf580905f0963521acb3f88583466bb2) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 2010/12/26 19:26:32.0437 iaStor (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\WINDOWS\system32\DRIVERS\iaStor.sys 2010/12/26 19:26:32.0468 IBMPMDRV (400d7095d5ae08970f839bcac1843106) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 2010/12/26 19:26:32.0500 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/12/26 19:26:32.0515 Impcd (03c0d99bc2913226f1cea7cb0d984659) C:\WINDOWS\system32\DRIVERS\Impcd.sys 2010/12/26 19:26:32.0546 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2010/12/26 19:26:32.0578 IntcDAud (a58a567b601866bee62d8dda78e6e101) C:\WINDOWS\system32\DRIVERS\IntcDAud.sys 2010/12/26 19:26:32.0609 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2010/12/26 19:26:32.0625 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/12/26 19:26:32.0640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2010/12/26 19:26:32.0671 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/12/26 19:26:32.0687 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/12/26 19:26:32.0718 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/12/26 19:26:32.0734 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/12/26 19:26:32.0765 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/12/26 19:26:32.0796 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/12/26 19:26:32.0812 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys 2010/12/26 19:26:32.0843 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/12/26 19:26:32.0859 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2010/12/26 19:26:32.0890 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/12/26 19:26:32.0906 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/12/26 19:26:32.0968 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\WINDOWS\system32\DRIVERS\smiif32.sys 2010/12/26 19:26:33.0015 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/12/26 19:26:33.0031 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2010/12/26 19:26:33.0062 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/12/26 19:26:33.0093 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/12/26 19:26:33.0109 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/12/26 19:26:33.0140 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2010/12/26 19:26:33.0156 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/12/26 19:26:33.0187 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/12/26 19:26:33.0218 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/12/26 19:26:33.0250 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/12/26 19:26:33.0265 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/12/26 19:26:33.0296 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/12/26 19:26:33.0312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/12/26 19:26:33.0343 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2010/12/26 19:26:33.0359 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/12/26 19:26:33.0390 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2010/12/26 19:26:33.0406 NAVENG (c8ef74e4d8105b1d02d58ea4734cf616) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101226.003\NAVENG.SYS 2010/12/26 19:26:33.0437 NAVEX15 (94b3164055d821a62944d9fe84036470) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101226.003\NAVEX15.SYS 2010/12/26 19:26:33.0484 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/12/26 19:26:33.0515 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2010/12/26 19:26:33.0531 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/12/26 19:26:33.0562 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/12/26 19:26:33.0578 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/12/26 19:26:33.0609 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/12/26 19:26:33.0625 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/12/26 19:26:33.0656 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/12/26 19:26:33.0718 NETw5x32 (5999dd37f48b3ac83a1f4768221278b4) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 2010/12/26 19:26:33.0828 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\NETw5x32.sys. Real md5: 5999dd37f48b3ac83a1f4768221278b4, Fake md5: e0e8dfcd98bdbe8468f0202a64541222 2010/12/26 19:26:33.0828 NETw5x32 - detected Forged file (1) 2010/12/26 19:26:33.0859 NetwareWorkstation (a48f743759ea1c7917eb21cadf75f566) C:\WINDOWS\system32\NetWare\nwfs.sys 2010/12/26 19:26:33.0890 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2010/12/26 19:26:33.0921 NICM (d686538f37dff96042047930650ac88d) C:\WINDOWS\system32\drivers\nicm.sys 2010/12/26 19:26:33.0937 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/12/26 19:26:33.0968 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/12/26 19:26:34.0000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/12/26 19:26:34.0031 NWDHCP (a4b071419e0ea596ffb3da89c1f04e61) C:\WINDOWS\system32\NetWare\nwdhcp.sys 2010/12/26 19:26:34.0062 NWDNS (b6f69f4d4fae462574f3440070ac22ec) C:\WINDOWS\system32\NetWare\nwdns.sys 2010/12/26 19:26:34.0078 NWFILTER (3d8f24cbed28067e4c5a960ee67cdb19) C:\WINDOWS\system32\NetWare\nwfilter.sys 2010/12/26 19:26:34.0109 NWHOST (baa75acf404bebce7065663664a7c3e4) C:\WINDOWS\system32\NetWare\NWHOST.sys 2010/12/26 19:26:34.0125 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/12/26 19:26:34.0156 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/12/26 19:26:34.0187 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 2010/12/26 19:26:34.0203 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 2010/12/26 19:26:34.0234 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 2010/12/26 19:26:34.0250 NWSAP (2726a6792bbb080ff345ed9a8111360f) C:\WINDOWS\system32\NetWare\NWSAP.sys 2010/12/26 19:26:34.0281 NWSIPX32 (e00b0349cc3921225ad60728230d78be) C:\WINDOWS\system32\NetWare\nwsipx32.sys 2010/12/26 19:26:34.0296 NWSLP (10e02fc7585e495dd963031520ad2f0a) C:\WINDOWS\system32\NetWare\nwslp.sys 2010/12/26 19:26:34.0328 NWSNS (172308996609da67e99c87fa784df8bc) C:\WINDOWS\system32\NetWare\NWSNS.sys 2010/12/26 19:26:34.0343 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2010/12/26 19:26:34.0390 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2010/12/26 19:26:34.0406 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/12/26 19:26:34.0437 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/12/26 19:26:34.0453 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/12/26 19:26:34.0500 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/12/26 19:26:34.0531 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2010/12/26 19:26:34.0640 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2010/12/26 19:26:34.0671 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2010/12/26 19:26:34.0703 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys 2010/12/26 19:26:34.0734 pmxdrv (b4079d61b5c6b4919bde17c38202e236) C:\WINDOWS\system32\drivers\pmxdrv.sys 2010/12/26 19:26:34.0781 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/12/26 19:26:34.0812 psadd (72de205cd4006dc45b1401859c506679) C:\WINDOWS\system32\DRIVERS\psadd.sys 2010/12/26 19:26:34.0828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/12/26 19:26:34.0859 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/12/26 19:26:34.0875 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/12/26 19:26:34.0890 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2010/12/26 19:26:34.0921 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2010/12/26 19:26:34.0937 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2010/12/26 19:26:34.0968 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2010/12/26 19:26:34.0984 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2010/12/26 19:26:35.0015 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/12/26 19:26:35.0046 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/12/26 19:26:35.0062 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/12/26 19:26:35.0093 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/12/26 19:26:35.0109 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/12/26 19:26:35.0140 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/12/26 19:26:35.0171 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2010/12/26 19:26:35.0203 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/12/26 19:26:35.0234 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/12/26 19:26:35.0265 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys 2010/12/26 19:26:35.0296 RESMGR (382ec29aa5bbd5ea7e959167f9cdada2) C:\WINDOWS\system32\NetWare\resmgr.sys 2010/12/26 19:26:35.0328 s24trans (e7958e8acda7ca20127ef5f2235f25cc) C:\WINDOWS\system32\DRIVERS\s24trans.sys 2010/12/26 19:26:35.0359 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/12/26 19:26:35.0390 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/12/26 19:26:35.0421 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/12/26 19:26:35.0453 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/12/26 19:26:35.0515 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2010/12/26 19:26:35.0531 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2010/12/26 19:26:35.0578 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2010/12/26 19:26:35.0593 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 2010/12/26 19:26:35.0640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/12/26 19:26:35.0656 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/12/26 19:26:35.0687 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\WINDOWS\system32\Drivers\SRTSP.SYS 2010/12/26 19:26:35.0718 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\WINDOWS\system32\Drivers\SRTSPL.SYS 2010/12/26 19:26:35.0750 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\WINDOWS\system32\Drivers\SRTSPX.SYS 2010/12/26 19:26:35.0781 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/12/26 19:26:35.0812 SRVLOC (9a44b2bacf48abba25cbd043770a7fcb) C:\WINDOWS\system32\NetWare\srvloc.sys 2010/12/26 19:26:35.0843 stmtpm (8afa1b80366276f8345a6b61e0df2f3e) C:\WINDOWS\system32\DRIVERS\stm_tpm.sys 2010/12/26 19:26:35.0875 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2010/12/26 19:26:35.0890 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/12/26 19:26:35.0921 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/12/26 19:26:35.0953 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2010/12/26 19:26:35.0968 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2010/12/26 19:26:36.0000 SymEvent (e42a34e6f5ca71a84d4c2de620aad13d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 2010/12/26 19:26:36.0015 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 2010/12/26 19:26:36.0046 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS 2010/12/26 19:26:36.0078 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2010/12/26 19:26:36.0093 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2010/12/26 19:26:36.0125 SynTP (d7dc30b8b41e7a913c3fccc0631e72ec) C:\WINDOWS\system32\DRIVERS\SynTP.sys 2010/12/26 19:26:36.0156 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/12/26 19:26:36.0187 SysPlant (8adc033c77b2b006ea59beb2c8c6a38b) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys 2010/12/26 19:26:36.0234 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/12/26 19:26:36.0265 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/12/26 19:26:36.0281 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/12/26 19:26:36.0312 Teefer2 (1d3c046a9106de97ddc8276958700bf4) C:\WINDOWS\system32\DRIVERS\teefer2.sys 2010/12/26 19:26:36.0328 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/12/26 19:26:36.0359 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2010/12/26 19:26:36.0390 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys 2010/12/26 19:26:36.0437 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys 2010/12/26 19:26:36.0468 TVTI2C (3078906e991f29305e8066911153717e) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys 2010/12/26 19:26:36.0484 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/12/26 19:26:36.0531 ULCDRHlp (a4e07da3ae2078bd96e84d4baa07b71d) C:\WINDOWS\system32\Drivers\ULCDRHlp.sys 2010/12/26 19:26:36.0562 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2010/12/26 19:26:36.0593 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/12/26 19:26:36.0625 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/12/26 19:26:36.0640 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/12/26 19:26:36.0671 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/12/26 19:26:36.0687 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/12/26 19:26:36.0718 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/12/26 19:26:36.0734 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 2010/12/26 19:26:36.0765 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/12/26 19:26:36.0796 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2010/12/26 19:26:36.0812 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2010/12/26 19:26:36.0843 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/12/26 19:26:36.0875 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/12/26 19:26:36.0921 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 2010/12/26 19:26:36.0968 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/12/26 19:26:37.0015 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2010/12/26 19:26:37.0062 WPS (d48d0b1b5fdc074373c624af3b573412) C:\WINDOWS\system32\drivers\wpsdrvnt.sys 2010/12/26 19:26:37.0093 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys 2010/12/26 19:26:37.0140 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2010/12/26 19:26:37.0171 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2010/12/26 19:26:37.0187 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2010/12/26 19:26:37.0234 ================================================================================ 2010/12/26 19:26:37.0234 Scan finished 2010/12/26 19:26:37.0234 ================================================================================ 2010/12/26 19:26:37.0250 Detected object count: 1 2010/12/26 19:26:53.0000 Forged file(NETw5x32) - User select action: Skip