Jump to content

svchost.exe Trojan Horse - Google Searches Redirected - 3 Trojan Horse Infections


Cashmann

Recommended Posts

Hello...My wife's computer has recently become infected with at least 4 trojan horses which results in google searches being redirected to other website search engines. It steadily got worse till the computer would power up but the desktop had lost it's background, and most of the desktop icons were gone: also the computer was very slow. I ran MBAM and AVG anti virus and this helped bring the computer back, but it still has the google redirects. Now, while running MBAM, AVG anti-virus displays 3 trojan horses:

1) C:\windows\temp\sssttx.exe - trojan horse agent.6.BA

2) C:\windows\temp\photo.clas - trojan horse java/agent.ky

3) C:\windows\temp\fpgtkko.exe - trojan horse agent.6.BA

I have quarantined these 3 trojan horses. After MBAM completes the quick scan the MBAM results are:

1)Trojan.agent file c:\windows svchost.exe

2) Trojan.agent memory process c:\windows svchost.exe

I have quarantined these also.

Running another MBAM quick scan produces the same results. Any and all help would be greatly appreciated. I have cleared the cache in both windows explorer and google chrome, and have used ccleaner to clean all temporary files and such. Running a quick scan for AVG Anti-virus and MBAM always produces the same results. I have attached the two DDS files that are required for assistance Thanks so much for any and all assistance.

Darryl

DDS.txt

Attach.txt

Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

Click Scan to scan the system (don't run any other options)

Post back the report.

-------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites

Thanks for responding Mr. C. !! It is much appreciated.

When I first opened up roquekiller, it flashed 'svchost.exe - killed'. I then hit the scan button. Here is the Roquekiller report:

RogueKiller V7.2.1 [02/29/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Darlene [Admin rights]

Mode: Scan -- Date: 02/29/2012 18:27:58

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 6 ¤¤¤

[bLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

94.63.147.16 www.google.com

94.63.147.17 www.bing.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST350041 8AS SCSI Disk Device +++++

--- User ---

[MBR] a4e6e4b2db41d59aeb7dabadd7035bff

[bSP] badac77e52380834dc3972cd4aa54488 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 465672 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 953903104 | Size: 11166 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Otl.txt report:

OTL logfile created on: 2/29/2012 6:36:30 PM - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Darlene\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 30.26% Memory free

5.75 Gb Paging File | 3.16 Gb Available in Paging File | 55.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 454.76 Gb Total Space | 398.68 Gb Free Space | 87.67% Space Free | Partition Type: NTFS

Drive D: | 10.90 Gb Total Space | 2.02 Gb Free Space | 18.56% Space Free | Partition Type: NTFS

Drive E: | 83.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DARLENE-PC | User Name: Darlene | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/29 18:34:30 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTL.exe

PRC - [2012/02/26 18:41:25 | 000,654,336 | ---- | M] (DownloadManager) -- C:\Program Files (x86)\Download Manager\DownloadManager.exe

PRC - [2012/02/06 17:57:10 | 000,934,240 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

PRC - [2012/02/06 17:49:30 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 19:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

PRC - [2008/01/11 11:54:44 | 000,090,112 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/19 03:28:54 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll

MOD - [2012/02/19 03:28:49 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll

MOD - [2012/02/19 03:28:24 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll

MOD - [2012/02/19 03:28:18 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll

MOD - [2012/02/19 03:28:01 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll

MOD - [2012/02/19 03:27:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll

MOD - [2012/02/19 03:27:57 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll

MOD - [2012/02/14 23:03:36 | 000,429,040 | ---- | M] () -- C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\ppgooglenaclpluginchrome.dll

MOD - [2012/02/14 23:03:34 | 003,772,912 | ---- | M] () -- C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll

MOD - [2012/02/14 23:02:10 | 000,122,880 | ---- | M] () -- C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll

MOD - [2012/02/14 23:02:08 | 000,220,672 | ---- | M] () -- C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll

MOD - [2012/02/14 23:02:07 | 001,747,456 | ---- | M] () -- C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll

MOD - [2011/10/13 02:28:26 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/03/27 12:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)

SRV - [2012/02/06 17:49:30 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)

SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/05/22 12:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/09 04:38:42 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/19 10:19:38 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)

DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)

DRV - [2011/09/20 14:27:44 | 000,021,872 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)

DRV - [2011/09/20 14:27:38 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt

IE - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/

IE - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 12 00 D0 A8 59 CA 01 [binary data]

IE - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\..\URLSearchHook: - No CLSID value found

IE - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Darlene\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Darlene\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 03:01:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/18 14:15:37 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)

CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=380920&p={searchTerms}

CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll

CHR - plugin: Download Manager (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\joodbcgfkkeoaggiinabcekkekiobfdl\1.0_0\npDownloadManager.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java Platform SE 6 U16 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\

CHR - Extension: AVG Safe Search = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

CHR - Extension: Download Manager = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\joodbcgfkkeoaggiinabcekkekiobfdl\1.0_0\

CHR - Extension: Gmail = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/19 00:55:44 | 000,000,882 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 94.63.147.16 www.google.com

O1 - Hosts: 94.63.147.17 www.bing.com

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)

O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)

O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\5.0\iobitToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\alothelper.dll (Vertro)

O3:64bit: - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [brStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)

O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [searchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\.DEFAULT..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found

O4 - HKU\S-1-5-18..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2792723376-3193599209-4087185376-1001..\Run: [DownloadManager] C:\Program Files (x86)\Download Manager\DownloadManager.exe (DownloadManager)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D058B7-6742-44CD-B071-8F9AC846D243}: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/29 18:34:30 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTL.exe

[2012/02/29 18:27:34 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\RK_Quarantine

[2012/02/27 19:14:37 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\Logs

[2012/02/27 19:13:54 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\DEBUG PROGRAMS

[2012/02/26 21:23:31 | 000,000,000 | ---D | C] -- C:\Users\Darlene\New folder

[2012/02/26 18:53:00 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2012/02/26 18:52:14 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Users\Darlene\Desktop\cnet2_ComboFix_exe.exe

[2012/02/26 18:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alotappbar

[2012/02/26 18:41:39 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\DownloadManager

[2012/02/26 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Download Manager

[2012/02/26 17:42:43 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\Outlook Express

[2012/02/26 17:35:55 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\Email

[2012/02/26 11:14:58 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\Computer maintanence

[2012/02/26 11:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater

[2012/02/26 11:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot

[2012/02/26 11:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Toolbar

[2012/02/26 11:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter

[2012/02/26 11:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit

[2012/02/26 11:04:34 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\IObit

[2012/02/26 11:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit

[2012/02/23 17:36:11 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\Google

[2012/02/23 17:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2012/02/23 17:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

[2012/02/23 17:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012/02/23 17:34:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2012/02/19 03:13:18 | 000,000,000 | -H-D | C] -- C:\$AVG

[2012/02/18 14:16:26 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\AVG2012

[2012/02/18 14:15:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/02/18 14:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012

[2012/02/18 14:15:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG

[2012/02/18 14:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012

[2012/02/18 14:14:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG

[2012/02/18 14:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2012/02/18 14:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2012/02/18 10:47:20 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/02/18 10:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/02/18 10:46:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe

[2012/02/18 10:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2012/02/18 10:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012/02/18 10:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/02/18 03:53:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/02/18 03:53:10 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/02/17 08:33:17 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

[2012/02/17 08:22:29 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\23954

[2012/02/17 08:21:57 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\A0A23

[2012/02/16 23:15:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\23954

[2012/02/16 23:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP

[2012/02/06 16:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phantom EFX

[2012/02/06 13:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

[2012/02/06 13:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

[2012/02/05 23:51:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2012/02/01 08:46:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2012/02/29 18:34:30 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTL.exe

[2012/02/29 18:05:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2792723376-3193599209-4087185376-1001UA.job

[2012/02/29 17:45:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/29 17:45:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/02/29 17:29:27 | 090,442,176 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012/02/29 16:05:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2792723376-3193599209-4087185376-1001Core.job

[2012/02/29 07:16:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/28 11:58:38 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

[2012/02/27 18:43:44 | 000,038,234 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012/02/26 21:23:09 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/02/26 21:23:09 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/02/26 21:23:09 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/02/26 19:06:21 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/26 19:06:21 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/26 18:59:30 | 000,000,333 | ---- | M] () -- C:\Windows\Brownie.ini

[2012/02/26 18:58:49 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/26 18:51:46 | 000,463,080 | ---- | M] (CNET Download.com) -- C:\Users\Darlene\Desktop\cnet2_ComboFix_exe.exe

[2012/02/26 12:38:08 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI

[2012/02/23 16:17:33 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDarlene.job

[2012/02/19 03:27:03 | 000,329,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/02/19 03:03:32 | 000,002,421 | ---- | M] () -- C:\Users\Darlene\Desktop\Google Chrome.lnk

[2012/02/19 00:55:44 | 000,000,882 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/02/18 14:15:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm

[2012/02/18 14:15:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm

[2012/02/18 10:44:40 | 000,002,025 | ---- | M] () -- C:\Users\Darlene\Documents\Adobe Reader X.lnk

[2012/02/18 10:09:54 | 000,001,099 | ---- | M] () -- C:\Users\Darlene\Desktop\Documents.lnk

[2012/02/17 08:33:39 | 000,000,408 | ---- | M] () -- C:\ProgramData\zCxZvAkflklsr3

[2012/02/17 08:33:18 | 000,000,312 | ---- | M] () -- C:\ProgramData\~zCxZvAkflklsr3

[2012/02/17 08:33:18 | 000,000,216 | ---- | M] () -- C:\ProgramData\~zCxZvAkflklsr3r

[2012/02/06 16:41:11 | 000,002,306 | ---- | M] () -- C:\Users\Public\Desktop\Play WMS Slots Reel EM IN.lnk

[2012/02/06 13:59:22 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

========== Files Created - No Company Name ==========

[2012/02/29 17:29:27 | 090,442,176 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012/02/27 18:43:44 | 000,038,234 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012/02/26 12:38:08 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI

[2012/02/23 17:35:09 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/23 17:35:07 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/02/18 14:15:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm

[2012/02/18 14:15:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm

[2012/02/18 10:44:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2012/02/18 10:44:40 | 000,002,025 | ---- | C] () -- C:\Users\Darlene\Documents\Adobe Reader X.lnk

[2012/02/18 10:09:54 | 000,001,099 | ---- | C] () -- C:\Users\Darlene\Desktop\Documents.lnk

[2012/02/17 08:33:18 | 000,000,312 | ---- | C] () -- C:\ProgramData\~zCxZvAkflklsr3

[2012/02/17 08:33:18 | 000,000,216 | ---- | C] () -- C:\ProgramData\~zCxZvAkflklsr3r

[2012/02/17 08:33:11 | 000,000,408 | ---- | C] () -- C:\ProgramData\zCxZvAkflklsr3

[2012/02/06 16:41:11 | 000,002,306 | ---- | C] () -- C:\Users\Public\Desktop\Play WMS Slots Reel EM IN.lnk

[2012/02/06 14:05:43 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDarlene.job

[2012/02/06 13:59:22 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

[2011/08/07 19:42:55 | 000,001,854 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\GhostObjGAFix.xml

[2011/06/14 14:50:23 | 000,000,128 | ---- | C] () -- C:\ProgramData\~42786552r

[2011/06/14 14:50:23 | 000,000,104 | ---- | C] () -- C:\ProgramData\~42786552

[2011/06/14 14:50:09 | 000,000,344 | ---- | C] () -- C:\ProgramData\42786552

[2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

========== LOP Check ==========

[2012/02/18 09:43:15 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\23954

[2012/02/18 09:43:15 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\A0A23

[2012/02/18 14:16:26 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\AVG2012

[2012/02/18 09:43:41 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\ICAClient

[2012/02/26 12:52:11 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\IObit

[2012/02/18 09:43:41 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\PictureMover

[2009/11/01 17:24:27 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Template

[2009/11/21 21:59:31 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\WinBatch

[2012/02/28 11:58:38 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job

[2012/02/01 08:46:10 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extra report:

OTL Extras logfile created on: 2/29/2012 6:36:31 PM - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Darlene\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 30.26% Memory free

5.75 Gb Paging File | 3.16 Gb Available in Paging File | 55.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 454.76 Gb Total Space | 398.68 Gb Free Space | 87.67% Space Free | Partition Type: NTFS

Drive D: | 10.90 Gb Total Space | 2.02 Gb Free Space | 18.56% Space Free | Partition Type: NTFS

Drive E: | 83.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DARLENE-PC | User Name: Darlene | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012

"{E3EC7FC4-B4BF-4911-9A43-F7C753CE03F5}" = AVG 2012

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"AVG" = AVG 2012

"CCleaner" = CCleaner

"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NVIDIA Drivers" = NVIDIA Drivers

"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover

"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0

"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A0C90FB8-D7AE-4ED8-B178-B9065CCF2BC7}" = Brother HL-2140

"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X

"{B5E8EA9B-2DDB-427C-B18D-96C4B4B51999}" = WMS Slots Reel 'em in

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software

"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FDACA485-FE5B-41e5-A9BD-B49B19C2F281}" = IObit Toolbar v5.0

"Adobe AIR" = Adobe AIR

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"alotAppbar" = ALOT Appbar

"am-wmsslotsreelemin" = WMS Slots - Reel Em In

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Download Manager" = Download Manager

"Homepage Protection" = Homepage Protection

"HP Remote Solution" = HP Remote Solution

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"IObit Malware Fighter_is1" = IObit Malware Fighter

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2792723376-3193599209-4087185376-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Thanks so much for your time and effort

Darryl

Link to post
Share on other sites

Sorry for the late reply....I missed your post.

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

Link to post
Share on other sites

Good Evening Mr. C. Thanks for getting back to me...

I ran TDSSKiller as you suggested but the results did not quite come up as you described. The 2 threats deteced were:

rootkit.boot.prihar.b

physical drive:\device\harddisk 0\dro

malware object, high risk

the default was....cure

tdss file system

physical drive:\device\harddisc\dro

suspicious object, medium risk

the default was....skip

I left the defaults as they were and continued with the instructions you posted. The computer rebooted with no problems....here is the TDSSKiller report:

20:38:30.0498 7620 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24

20:38:30.0977 7620 ============================================================

20:38:30.0977 7620 Current date / time: 2012/03/01 20:38:30.0977

20:38:30.0977 7620 SystemInfo:

20:38:30.0977 7620

20:38:30.0977 7620 OS Version: 6.1.7600 ServicePack: 0.0

20:38:30.0977 7620 Product type: Workstation

20:38:30.0978 7620 ComputerName: DARLENE-PC

20:38:30.0978 7620 UserName: Darlene

20:38:30.0978 7620 Windows directory: C:\Windows

20:38:30.0978 7620 System windows directory: C:\Windows

20:38:30.0978 7620 Running under WOW64

20:38:30.0978 7620 Processor architecture: Intel x64

20:38:30.0978 7620 Number of processors: 2

20:38:30.0978 7620 Page size: 0x1000

20:38:30.0978 7620 Boot type: Normal boot

20:38:30.0978 7620 ============================================================

20:38:32.0294 7620 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

20:38:32.0299 7620 \Device\Harddisk0\DR0:

20:38:32.0299 7620 MBR used

20:38:32.0299 7620 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

20:38:32.0299 7620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38D84000

20:38:32.0299 7620 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38DB6800, BlocksNum 0x15CF000

20:38:32.0398 7620 Initialize success

20:38:32.0398 7620 ============================================================

20:39:14.0277 6668 ============================================================

20:39:14.0277 6668 Scan started

20:39:14.0277 6668 Mode: Manual; SigCheck; TDLFS;

20:39:14.0277 6668 ============================================================

20:39:16.0208 6668 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

20:39:16.0532 6668 1394ohci - ok

20:39:16.0613 6668 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

20:39:16.0655 6668 ACPI - ok

20:39:16.0687 6668 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

20:39:16.0793 6668 AcpiPmi - ok

20:39:16.0834 6668 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

20:39:16.0881 6668 adp94xx - ok

20:39:16.0908 6668 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

20:39:16.0963 6668 adpahci - ok

20:39:16.0991 6668 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

20:39:17.0027 6668 adpu320 - ok

20:39:17.0095 6668 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

20:39:17.0192 6668 AFD - ok

20:39:17.0253 6668 AgereSoftModem (184e1ad35dbf9328add7d560a792e6e9) C:\Windows\system32\DRIVERS\agrsm64.sys

20:39:17.0397 6668 AgereSoftModem - ok

20:39:17.0435 6668 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

20:39:17.0465 6668 agp440 - ok

20:39:17.0503 6668 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

20:39:17.0532 6668 aliide - ok

20:39:17.0570 6668 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

20:39:17.0598 6668 amdide - ok

20:39:17.0628 6668 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

20:39:17.0695 6668 AmdK8 - ok

20:39:17.0735 6668 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

20:39:17.0792 6668 AmdPPM - ok

20:39:17.0839 6668 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

20:39:17.0870 6668 amdsata - ok

20:39:17.0915 6668 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

20:39:17.0950 6668 amdsbs - ok

20:39:17.0974 6668 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

20:39:18.0003 6668 amdxata - ok

20:39:18.0059 6668 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

20:39:18.0217 6668 AppID - ok

20:39:18.0308 6668 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

20:39:18.0339 6668 arc - ok

20:39:18.0370 6668 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

20:39:18.0402 6668 arcsas - ok

20:39:18.0545 6668 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

20:39:18.0730 6668 AsyncMac - ok

20:39:18.0767 6668 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

20:39:18.0795 6668 atapi - ok

20:39:18.0858 6668 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

20:39:18.0924 6668 AVGIDSDriver - ok

20:39:18.0949 6668 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

20:39:18.0973 6668 AVGIDSEH - ok

20:39:18.0994 6668 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

20:39:19.0018 6668 AVGIDSFilter - ok

20:39:19.0065 6668 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys

20:39:19.0098 6668 Avgldx64 - ok

20:39:19.0115 6668 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys

20:39:19.0142 6668 Avgmfx64 - ok

20:39:19.0168 6668 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys

20:39:19.0192 6668 Avgrkx64 - ok

20:39:19.0216 6668 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys

20:39:19.0255 6668 Avgtdia - ok

20:39:19.0332 6668 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

20:39:19.0424 6668 b06bdrv - ok

20:39:19.0460 6668 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

20:39:19.0528 6668 b57nd60a - ok

20:39:19.0601 6668 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

20:39:19.0727 6668 Beep - ok

20:39:19.0790 6668 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

20:39:19.0846 6668 blbdrive - ok

20:39:19.0894 6668 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

20:39:19.0988 6668 bowser - ok

20:39:20.0014 6668 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:39:20.0078 6668 BrFiltLo - ok

20:39:20.0098 6668 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:39:20.0140 6668 BrFiltUp - ok

20:39:20.0183 6668 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

20:39:20.0275 6668 Brserid - ok

20:39:20.0300 6668 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

20:39:20.0361 6668 BrSerWdm - ok

20:39:20.0405 6668 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:39:20.0476 6668 BrUsbMdm - ok

20:39:20.0507 6668 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

20:39:20.0558 6668 BrUsbSer - ok

20:39:20.0612 6668 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

20:39:20.0676 6668 BTHMODEM - ok

20:39:20.0732 6668 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

20:39:20.0850 6668 cdfs - ok

20:39:20.0927 6668 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

20:39:20.0982 6668 cdrom - ok

20:39:21.0039 6668 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

20:39:21.0105 6668 circlass - ok

20:39:21.0142 6668 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

20:39:21.0183 6668 CLFS - ok

20:39:21.0262 6668 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

20:39:21.0314 6668 CmBatt - ok

20:39:21.0334 6668 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

20:39:21.0362 6668 cmdide - ok

20:39:21.0430 6668 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

20:39:21.0550 6668 CNG - ok

20:39:21.0587 6668 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

20:39:21.0614 6668 Compbatt - ok

20:39:21.0639 6668 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

20:39:21.0704 6668 CompositeBus - ok

20:39:21.0755 6668 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

20:39:21.0783 6668 crcdisk - ok

20:39:21.0853 6668 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

20:39:21.0944 6668 DfsC - ok

20:39:21.0982 6668 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

20:39:22.0111 6668 discache - ok

20:39:22.0170 6668 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

20:39:22.0199 6668 Disk - ok

20:39:22.0253 6668 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

20:39:22.0311 6668 drmkaud - ok

20:39:22.0371 6668 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

20:39:22.0440 6668 DXGKrnl - ok

20:39:22.0557 6668 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

20:39:22.0731 6668 ebdrv - ok

20:39:22.0810 6668 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

20:39:22.0859 6668 elxstor - ok

20:39:22.0878 6668 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

20:39:22.0947 6668 ErrDev - ok

20:39:23.0002 6668 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

20:39:23.0116 6668 exfat - ok

20:39:23.0141 6668 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

20:39:23.0273 6668 fastfat - ok

20:39:23.0336 6668 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

20:39:23.0442 6668 fdc - ok

20:39:23.0494 6668 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:39:23.0526 6668 FileInfo - ok

20:39:23.0631 6668 FileMonitor (060cc45cecae2feaff9c8c52d8fafaa8) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys

20:39:23.0658 6668 FileMonitor - ok

20:39:23.0681 6668 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:39:23.0831 6668 Filetrace - ok

20:39:23.0881 6668 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

20:39:23.0933 6668 flpydisk - ok

20:39:23.0983 6668 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

20:39:24.0021 6668 FltMgr - ok

20:39:24.0057 6668 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:39:24.0088 6668 FsDepends - ok

20:39:24.0105 6668 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

20:39:24.0134 6668 Fs_Rec - ok

20:39:24.0186 6668 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:39:24.0227 6668 fvevol - ok

20:39:24.0256 6668 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

20:39:24.0286 6668 gagp30kx - ok

20:39:24.0360 6668 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:39:24.0452 6668 hcw85cir - ok

20:39:24.0485 6668 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

20:39:24.0549 6668 HDAudBus - ok

20:39:24.0590 6668 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

20:39:24.0645 6668 HidBatt - ok

20:39:24.0682 6668 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

20:39:24.0779 6668 HidBth - ok

20:39:24.0810 6668 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

20:39:24.0872 6668 HidIr - ok

20:39:24.0944 6668 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

20:39:24.0995 6668 HidUsb - ok

20:39:25.0079 6668 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

20:39:25.0110 6668 HpSAMD - ok

20:39:25.0173 6668 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

20:39:25.0360 6668 HTTP - ok

20:39:25.0387 6668 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

20:39:25.0415 6668 hwpolicy - ok

20:39:25.0437 6668 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

20:39:25.0474 6668 i8042prt - ok

20:39:25.0529 6668 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

20:39:25.0574 6668 iaStorV - ok

20:39:25.0619 6668 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

20:39:25.0648 6668 iirsp - ok

20:39:25.0748 6668 IntcAzAudAddService (31c32bc56d85d109ebb0c526be5caca7) C:\Windows\system32\drivers\RTKVHD64.sys

20:39:25.0857 6668 IntcAzAudAddService - ok

20:39:25.0883 6668 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

20:39:25.0910 6668 intelide - ok

20:39:25.0953 6668 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

20:39:26.0008 6668 intelppm - ok

20:39:26.0056 6668 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:39:26.0243 6668 IpFilterDriver - ok

20:39:26.0280 6668 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

20:39:26.0336 6668 IPMIDRV - ok

20:39:26.0373 6668 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:39:26.0493 6668 IPNAT - ok

20:39:26.0528 6668 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:39:26.0599 6668 IRENUM - ok

20:39:26.0629 6668 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

20:39:26.0656 6668 isapnp - ok

20:39:26.0695 6668 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

20:39:26.0730 6668 iScsiPrt - ok

20:39:26.0798 6668 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

20:39:26.0828 6668 kbdclass - ok

20:39:26.0862 6668 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

20:39:26.0925 6668 kbdhid - ok

20:39:26.0974 6668 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys

20:39:27.0004 6668 KSecDD - ok

20:39:27.0029 6668 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys

20:39:27.0062 6668 KSecPkg - ok

20:39:27.0099 6668 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:39:27.0215 6668 ksthunk - ok

20:39:27.0284 6668 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:39:27.0397 6668 lltdio - ok

20:39:27.0456 6668 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

20:39:27.0488 6668 LSI_FC - ok

20:39:27.0515 6668 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

20:39:27.0548 6668 LSI_SAS - ok

20:39:27.0575 6668 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:39:27.0604 6668 LSI_SAS2 - ok

20:39:27.0632 6668 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:39:27.0663 6668 LSI_SCSI - ok

20:39:27.0705 6668 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:39:27.0819 6668 luafv - ok

20:39:27.0862 6668 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

20:39:27.0916 6668 megasas - ok

20:39:27.0950 6668 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

20:39:27.0989 6668 MegaSR - ok

20:39:28.0016 6668 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:39:28.0131 6668 Modem - ok

20:39:28.0208 6668 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:39:28.0268 6668 monitor - ok

20:39:28.0302 6668 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

20:39:28.0331 6668 mouclass - ok

20:39:28.0367 6668 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:39:28.0424 6668 mouhid - ok

20:39:28.0469 6668 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

20:39:28.0499 6668 mountmgr - ok

20:39:28.0525 6668 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

20:39:28.0559 6668 mpio - ok

20:39:28.0581 6668 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:39:28.0709 6668 mpsdrv - ok

20:39:28.0752 6668 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

20:39:28.0815 6668 MRxDAV - ok

20:39:28.0868 6668 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:39:28.0950 6668 mrxsmb - ok

20:39:28.0998 6668 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:39:29.0056 6668 mrxsmb10 - ok

20:39:29.0088 6668 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:39:29.0145 6668 mrxsmb20 - ok

20:39:29.0171 6668 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

20:39:29.0199 6668 msahci - ok

20:39:29.0232 6668 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

20:39:29.0264 6668 msdsm - ok

20:39:29.0326 6668 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:39:29.0422 6668 Msfs - ok

20:39:29.0439 6668 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:39:29.0559 6668 mshidkmdf - ok

20:39:29.0597 6668 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

20:39:29.0626 6668 msisadrv - ok

20:39:29.0662 6668 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:39:29.0778 6668 MSKSSRV - ok

20:39:29.0807 6668 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:39:29.0924 6668 MSPCLOCK - ok

20:39:29.0955 6668 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:39:30.0071 6668 MSPQM - ok

20:39:30.0107 6668 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

20:39:30.0154 6668 MsRPC - ok

20:39:30.0200 6668 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

20:39:30.0228 6668 mssmbios - ok

20:39:30.0254 6668 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:39:30.0375 6668 MSTEE - ok

20:39:30.0409 6668 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

20:39:30.0460 6668 MTConfig - ok

20:39:30.0498 6668 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:39:30.0528 6668 Mup - ok

20:39:30.0667 6668 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:39:30.0741 6668 NativeWifiP - ok

20:39:30.0795 6668 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

20:39:30.0861 6668 NDIS - ok

20:39:30.0895 6668 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:39:30.0991 6668 NdisCap - ok

20:39:31.0014 6668 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:39:31.0132 6668 NdisTapi - ok

20:39:31.0164 6668 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

20:39:31.0284 6668 Ndisuio - ok

20:39:31.0304 6668 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

20:39:31.0404 6668 NdisWan - ok

20:39:31.0426 6668 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

20:39:31.0538 6668 NDProxy - ok

20:39:31.0580 6668 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:39:31.0695 6668 NetBIOS - ok

20:39:31.0732 6668 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

20:39:31.0856 6668 NetBT - ok

20:39:31.0925 6668 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

20:39:31.0954 6668 nfrd960 - ok

20:39:31.0983 6668 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:39:32.0095 6668 Npfs - ok

20:39:32.0140 6668 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:39:32.0252 6668 nsiproxy - ok

20:39:32.0331 6668 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

20:39:32.0438 6668 Ntfs - ok

20:39:32.0470 6668 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:39:32.0565 6668 Null - ok

20:39:32.0860 6668 nvlddmkm (181b6e6f49f9f3ad05589b48e29ba167) C:\Windows\system32\DRIVERS\nvlddmkm.sys

20:39:33.0385 6668 nvlddmkm - ok

20:39:33.0415 6668 NVNET (9c3024e48db4c98e50af7d8b72d0ef89) C:\Windows\system32\DRIVERS\nvmf6264.sys

20:39:33.0438 6668 NVNET - ok

20:39:33.0473 6668 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

20:39:33.0493 6668 nvraid - ok

20:39:33.0520 6668 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

20:39:33.0540 6668 nvstor - ok

20:39:33.0573 6668 nvstor64 (6ba747b1a9297a6c0271700d12fdd495) C:\Windows\system32\DRIVERS\nvstor64.sys

20:39:33.0591 6668 nvstor64 - ok

20:39:33.0644 6668 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

20:39:33.0663 6668 nv_agp - ok

20:39:33.0692 6668 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

20:39:33.0745 6668 ohci1394 - ok

20:39:33.0790 6668 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

20:39:33.0826 6668 Parport - ok

20:39:33.0852 6668 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

20:39:33.0882 6668 partmgr - ok

20:39:33.0913 6668 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

20:39:33.0948 6668 pci - ok

20:39:33.0968 6668 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

20:39:33.0995 6668 pciide - ok

20:39:34.0031 6668 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

20:39:34.0068 6668 pcmcia - ok

20:39:34.0095 6668 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:39:34.0126 6668 pcw - ok

20:39:34.0164 6668 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:39:34.0279 6668 PEAUTH - ok

20:39:34.0384 6668 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

20:39:34.0498 6668 PptpMiniport - ok

20:39:34.0545 6668 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

20:39:34.0598 6668 Processor - ok

20:39:34.0659 6668 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

20:39:34.0773 6668 Psched - ok

20:39:34.0852 6668 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

20:39:34.0956 6668 ql2300 - ok

20:39:34.0991 6668 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

20:39:35.0023 6668 ql40xx - ok

20:39:35.0053 6668 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:39:35.0126 6668 QWAVEdrv - ok

20:39:35.0155 6668 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:39:35.0265 6668 RasAcd - ok

20:39:35.0298 6668 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:39:35.0422 6668 RasAgileVpn - ok

20:39:35.0456 6668 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:39:35.0573 6668 Rasl2tp - ok

20:39:35.0616 6668 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:39:35.0733 6668 RasPppoe - ok

20:39:35.0752 6668 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:39:35.0871 6668 RasSstp - ok

20:39:35.0917 6668 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

20:39:36.0039 6668 rdbss - ok

20:39:36.0083 6668 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

20:39:36.0145 6668 rdpbus - ok

20:39:36.0178 6668 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:39:36.0287 6668 RDPCDD - ok

20:39:36.0306 6668 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:39:36.0422 6668 RDPENCDD - ok

20:39:36.0459 6668 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:39:36.0553 6668 RDPREFMP - ok

20:39:36.0580 6668 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

20:39:36.0704 6668 RDPWD - ok

20:39:36.0745 6668 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

20:39:36.0780 6668 rdyboost - ok

20:39:36.0849 6668 RegFilter (c7de6f41b1a734ea70bd2dc67235becc) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys

20:39:36.0872 6668 RegFilter - ok

20:39:36.0928 6668 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:39:37.0041 6668 rspndr - ok

20:39:37.0095 6668 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

20:39:37.0126 6668 sbp2port - ok

20:39:37.0153 6668 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

20:39:37.0269 6668 scfilter - ok

20:39:37.0330 6668 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:39:37.0441 6668 secdrv - ok

20:39:37.0506 6668 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

20:39:37.0563 6668 Serenum - ok

20:39:37.0603 6668 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

20:39:37.0640 6668 Serial - ok

20:39:37.0669 6668 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

20:39:37.0719 6668 sermouse - ok

20:39:37.0780 6668 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

20:39:37.0837 6668 sffdisk - ok

20:39:37.0869 6668 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

20:39:37.0929 6668 sffp_mmc - ok

20:39:37.0960 6668 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

20:39:38.0000 6668 sffp_sd - ok

20:39:38.0042 6668 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

20:39:38.0075 6668 sfloppy - ok

20:39:38.0112 6668 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

20:39:38.0141 6668 SiSRaid2 - ok

20:39:38.0161 6668 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

20:39:38.0191 6668 SiSRaid4 - ok

20:39:38.0233 6668 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:39:38.0345 6668 Smb - ok

20:39:38.0394 6668 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:39:38.0423 6668 spldr - ok

20:39:38.0489 6668 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

20:39:38.0572 6668 srv - ok

20:39:38.0605 6668 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

20:39:38.0670 6668 srv2 - ok

20:39:38.0717 6668 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

20:39:38.0771 6668 srvnet - ok

20:39:38.0836 6668 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

20:39:38.0866 6668 stexstor - ok

20:39:38.0915 6668 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

20:39:38.0942 6668 swenum - ok

20:39:39.0051 6668 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys

20:39:39.0174 6668 Tcpip - ok

20:39:39.0234 6668 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys

20:39:39.0332 6668 TCPIP6 - ok

20:39:39.0371 6668 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

20:39:39.0469 6668 tcpipreg - ok

20:39:39.0499 6668 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:39:39.0612 6668 TDPIPE - ok

20:39:39.0643 6668 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

20:39:39.0757 6668 TDTCP - ok

20:39:39.0802 6668 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

20:39:39.0923 6668 tdx - ok

20:39:39.0957 6668 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

20:39:39.0988 6668 TermDD - ok

20:39:40.0053 6668 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:39:40.0150 6668 tssecsrv - ok

20:39:40.0174 6668 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

20:39:40.0298 6668 tunnel - ok

20:39:40.0349 6668 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

20:39:40.0379 6668 uagp35 - ok

20:39:40.0404 6668 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

20:39:40.0528 6668 udfs - ok

20:39:40.0602 6668 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

20:39:40.0632 6668 uliagpkx - ok

20:39:40.0650 6668 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

20:39:40.0708 6668 umbus - ok

20:39:40.0821 6668 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

20:39:40.0940 6668 UmPass - ok

20:39:41.0034 6668 UrlFilter (82520fe7a49765e76281dcc7d90c09f6) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys

20:39:41.0059 6668 UrlFilter - ok

20:39:41.0107 6668 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys

20:39:41.0169 6668 usbccgp - ok

20:39:41.0202 6668 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

20:39:41.0267 6668 usbcir - ok

20:39:41.0312 6668 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys

20:39:41.0367 6668 usbehci - ok

20:39:41.0427 6668 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys

20:39:41.0492 6668 usbhub - ok

20:39:41.0531 6668 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys

20:39:41.0582 6668 usbohci - ok

20:39:41.0630 6668 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

20:39:41.0687 6668 usbprint - ok

20:39:41.0728 6668 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:39:41.0815 6668 USBSTOR - ok

20:39:41.0847 6668 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys

20:39:41.0894 6668 usbuhci - ok

20:39:41.0947 6668 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

20:39:41.0975 6668 vdrvroot - ok

20:39:42.0018 6668 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:39:42.0059 6668 vga - ok

20:39:42.0083 6668 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:39:42.0196 6668 VgaSave - ok

20:39:42.0246 6668 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

20:39:42.0282 6668 vhdmp - ok

20:39:42.0310 6668 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

20:39:42.0338 6668 viaide - ok

20:39:42.0370 6668 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

20:39:42.0402 6668 volmgr - ok

20:39:42.0446 6668 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

20:39:42.0488 6668 volmgrx - ok

20:39:42.0546 6668 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

20:39:42.0584 6668 volsnap - ok

20:39:42.0610 6668 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

20:39:42.0644 6668 vsmraid - ok

20:39:42.0672 6668 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

20:39:42.0756 6668 vwifibus - ok

20:39:42.0802 6668 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

20:39:42.0852 6668 WacomPen - ok

20:39:42.0905 6668 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

20:39:43.0021 6668 WANARP - ok

20:39:43.0030 6668 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

20:39:43.0127 6668 Wanarpv6 - ok

20:39:43.0207 6668 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

20:39:43.0234 6668 Wd - ok

20:39:43.0275 6668 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:39:43.0329 6668 Wdf01000 - ok

20:39:43.0394 6668 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:39:43.0492 6668 WfpLwf - ok

20:39:43.0518 6668 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:39:43.0545 6668 WIMMount - ok

20:39:43.0646 6668 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

20:39:43.0705 6668 WinUsb - ok

20:39:43.0749 6668 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

20:39:43.0799 6668 WmiAcpi - ok

20:39:43.0879 6668 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:39:43.0975 6668 ws2ifsl - ok

20:39:44.0025 6668 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

20:39:44.0145 6668 WudfPf - ok

20:39:44.0189 6668 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:39:44.0290 6668 WUDFRd - ok

20:39:44.0340 6668 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0

20:39:44.0369 6668 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

20:39:44.0369 6668 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

20:39:44.0400 6668 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:39:44.0401 6668 \Device\Harddisk0\DR0 - detected TDSS File System (1)

20:39:44.0438 6668 Boot (0x1200) (eba8655466c035177020ae569cb13a60) \Device\Harddisk0\DR0\Partition0

20:39:44.0441 6668 \Device\Harddisk0\DR0\Partition0 - ok

20:39:44.0457 6668 Boot (0x1200) (1f418ea9d33d1da1f5b6af85b54fe64b) \Device\Harddisk0\DR0\Partition1

20:39:44.0460 6668 \Device\Harddisk0\DR0\Partition1 - ok

20:39:44.0492 6668 Boot (0x1200) (28624251aa9bb9d202863fff29da62a6) \Device\Harddisk0\DR0\Partition2

20:39:44.0494 6668 \Device\Harddisk0\DR0\Partition2 - ok

20:39:44.0495 6668 ============================================================

20:39:44.0495 6668 Scan finished

20:39:44.0495 6668 ============================================================

20:39:44.0527 4020 Detected object count: 2

20:39:44.0527 4020 Actual detected object count: 2

20:51:12.0367 4020 \Device\Harddisk0\DR0\# - copied to quarantine

20:51:12.0367 4020 \Device\Harddisk0\DR0 - copied to quarantine

20:51:12.0407 4020 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

20:51:12.0407 4020 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

20:51:12.0417 4020 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

20:51:12.0427 4020 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

20:51:12.0427 4020 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

20:51:12.0427 4020 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

20:51:12.0427 4020 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

20:51:12.0437 4020 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

20:51:12.0437 4020 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

20:51:12.0437 4020 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

20:51:12.0467 4020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

20:51:12.0477 4020 \Device\Harddisk0\DR0 - ok

20:51:13.0037 4020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

20:51:13.0037 4020 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

20:51:13.0037 4020 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

20:51:36.0477 7544 Deinitialize success

Thanks so much.....

Darryl

Link to post
Share on other sites

You did it correctly and as you see if found a rootkit.

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

Link to post
Share on other sites

Mr. C.....we live in Tennessee and are preparing for very severe weather this afternooon. Possible severe thunderstorms with long tracking tornados...can we put this on hold for a day or so? If everything is ok, I will be able to continue on this tomorrow (Saturday). If i find the time before the storms hit us, I will run combofix.

Thanks

Darryl

Link to post
Share on other sites

OK, no problem. I'll be away from the forum most of the day tomorrow anyway.

After you run ComboFix and post the log.....

Please Update and run a Quick Scan with MBAM, post the report.

MrC

Link to post
Share on other sites

<p>Mr. C....we were more fortunate than others in these last storms that had tornados, we suffered no damage in our area. Combofix turned out to be a tempermental program. At first it would not run on the computer...not compatible with windows 7. Re downloaded it and it ran successfully.  AVG antivirus can only be turned off for a maximum of 15 minutes, during the combofix scan AVG turned itself back on. Combofix completed the scan....here is the report:</p>

<p> </p>

<p> </p>

<p> </p>

<div>ComboFix 12-03-02.01 - Darlene 03/03/2012  12:02:18.1.2 - x64</div>

<div>Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.2942.1982 [GMT -6:00]</div>

<div>Running from: c:\users\Darlene\Desktop\ComboFix.exe</div>

<div>AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}</div>

<div>SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}</div>

<div>SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}</div>

<div>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div>

<div>.</div>

<div>.</div>

<div>(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>c:\program files (x86)\LP</div>

<div>c:\program files (x86)\LP\EF2A\36CF.tmp</div>

<div>c:\program files (x86)\LP\EF2A\878B.tmp</div>

<div>c:\program files (x86)\LP\EF2A\98BE.tmp</div>

<div>c:\program files (x86)\LP\EF2A\AA96.tmp</div>

<div>c:\programdata\~zCxZvAkflklsr3</div>

<div>c:\programdata\~zCxZvAkflklsr3r</div>

<div>c:\programdata\zCxZvAkflklsr3</div>

<div>c:\users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check</div>

<div>.</div>

<div>.</div>

<div>(((((((((((((((((((((((((   Files Created from 2012-02-03 to 2012-03-03  )))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>2012-03-03 18:10 . 2012-03-03 18:10<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Default\AppData\Local\temp</div>

<div>2012-03-02 02:51 . 2012-03-02 02:51<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\TDSSKiller_Quarantine</div>

<div>2012-02-27 03:23 . 2012-02-27 03:23<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Darlene\New folder</div>

<div>2012-02-27 00:41 . 2012-02-27 00:41<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\alotappbar</div>

<div>2012-02-27 00:41 . 2012-02-27 00:41<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Darlene\AppData\Local\DownloadManager</div>

<div>2012-02-27 00:41 . 2012-02-27 00:41<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Download Manager</div>

<div>2012-02-26 17:14 . 2012-02-26 17:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Application Updater</div>

<div>2012-02-26 17:14 . 2012-02-26 17:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\IObit Toolbar</div>

<div>2012-02-26 17:14 . 2012-02-26 17:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Common Files\Spigot</div>

<div>2012-02-26 17:04 . 2012-02-26 17:04<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\IObit</div>

<div>2012-02-26 17:04 . 2012-02-26 18:52<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Darlene\AppData\Roaming\IObit</div>

<div>2012-02-26 17:04 . 2012-02-26 17:13<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\IObit</div>

<div>2012-02-23 23:35 . 2012-02-23 23:35<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Google</div>

<div>2012-02-23 23:34 . 2012-02-23 23:35<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Google</div>

<div>2012-02-23 23:34 . 2012-02-23 23:34<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\Macromed</div>

<div>2012-02-19 09:13 . 2012-02-19 09:13<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>C:\$AVG</div>

<div>2012-02-19 00:52 . 2012-01-04 09:58<span class="Apple-tab-span" style="white-space:pre"> </span>509952<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntshrui.dll</div>

<div>2012-02-19 00:52 . 2012-01-04 09:03<span class="Apple-tab-span" style="white-space:pre"> </span>442880<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\ntshrui.dll</div>

<div>2012-02-19 00:52 . 2012-01-03 06:24<span class="Apple-tab-span" style="white-space:pre"> </span>515584<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\timedate.cpl</div>

<div>2012-02-19 00:52 . 2012-01-03 05:44<span class="Apple-tab-span" style="white-space:pre"> </span>478208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\timedate.cpl</div>

<div>2012-02-18 20:16 . 2012-02-18 20:16<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Darlene\AppData\Roaming\AVG2012</div>

<div>2012-02-18 20:15 . 2012-02-18 20:15<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d--h--w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Common Files</div>

<div>2012-02-18 20:15 . 2012-02-18 20:15<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\drivers\AVG</div>

<div>2012-02-18 20:14 . 2012-03-03 14:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\AVG</div>

<div>2012-02-18 20:14 . 2012-02-18 20:30<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\AVG2012</div>

<div>2012-02-18 20:13 . 2012-02-18 20:13<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\AVG</div>

<div>2012-02-18 20:12 . 2012-03-03 14:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\MFAData</div>

<div>2012-02-18 16:47 . 2011-12-10 21:24<span class="Apple-tab-span" style="white-space:pre"> </span>23152<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbam.sys</div>

<div>2012-02-18 16:46 . 2012-02-18 16:46<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\Adobe</div>

<div>2012-02-18 16:44 . 2012-02-18 16:44<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Common Files\Adobe</div>

<div>2012-02-18 16:40 . 2012-02-18 16:40<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\CCleaner</div>

<div>2012-02-18 15:47 . 2012-01-06 05:15<span class="Apple-tab-span" style="white-space:pre"> </span>8602168<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6BDED63-7DCF-48C3-AAFC-D336D929D82C}\mpengine.dll</div>

<div>2012-02-18 15:27 . 2012-02-18 15:43<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Admin</div>

<div>2012-02-17 14:22 . 2012-02-18 15:43<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Darlene\AppData\Roaming\23954</div>

<div>2012-02-17 14:21 . 2012-02-18 15:43<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Darlene\AppData\Roaming\A0A23</div>

<div>2012-02-17 05:15 . 2012-02-18 15:43<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\23954</div>

<div>2012-02-16 18:26 . 2012-02-16 18:26<span class="Apple-tab-span" style="white-space:pre"> </span>6656<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Windows\DRM\5A73.tmp</div>

<div>2012-02-16 18:26 . 2012-02-16 18:26<span class="Apple-tab-span" style="white-space:pre"> </span>6656<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Windows\DRM\5A53.tmp</div>

<div>2012-02-06 22:41 . 2005-05-26 21:34<span class="Apple-tab-span" style="white-space:pre"> </span>3767504<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\d3dx9_26.dll</div>

<div>2012-02-06 22:41 . 2005-05-26 21:34<span class="Apple-tab-span" style="white-space:pre"> </span>2297552<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\d3dx9_26.dll</div>

<div>2012-02-06 22:39 . 2012-02-18 15:36<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Public\Phantom EFX</div>

<div>2012-02-06 19:58 . 2012-02-06 19:58<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}</div>

<div>2012-02-06 05:51 . 2012-02-06 05:51<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\Sun</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>2012-02-23 23:34 . 2011-08-17 17:46<span class="Apple-tab-span" style="white-space:pre"> </span>414368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\FlashPlayerCPLApp.cpl</div>

<div>2012-01-31 00:47 . 2012-01-31 00:47<span class="Apple-tab-span" style="white-space:pre"> </span>6656<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Windows\DRM\BA72.tmp</div>

<div>2012-01-31 00:47 . 2012-01-31 00:47<span class="Apple-tab-span" style="white-space:pre"> </span>6656<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Windows\DRM\BA61.tmp</div>

<div>2012-01-27 06:52 . 2009-10-30 21:21<span class="Apple-tab-span" style="white-space:pre"> </span>279656<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MpSigStub.exe</div>

<div>2011-12-07 23:17 . 2011-12-07 23:17<span class="Apple-tab-span" style="white-space:pre"> </span>158056<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin</div>

<div>.</div>

<div>.</div>

<div>(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>.</div>

<div>.</div>

<div>*Note* empty entries & legit default entries are not shown </div>

<div>REGEDIT4</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]</div>

<div>2012-02-15 17:47<span class="Apple-tab-span" style="white-space:pre"> </span>48488<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]</div>

<div>2009-06-08 21:41<span class="Apple-tab-span" style="white-space:pre"> </span>120104<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]</div>

<div>2009-11-25 17:47<span class="Apple-tab-span" style="white-space:pre"> </span>297808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\System32\mscoree.dll</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]</div>

<div>"{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files (x86)\alotappbar\bin\ALOTHelper.dll" [2012-02-15 48488]</div>

<div>.</div>

<div>[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]</div>

<div>.</div>

<div>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]</div>

<div>"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-23 39408]</div>

<div>"DownloadManager"="c:\program files (x86)\Download Manager\DownloadManager.exe" [2012-02-27 654336]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]</div>

<div>"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]</div>

<div>"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]</div>

<div>"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2008-09-18 967168]</div>

<div>"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-30 149280]</div>

<div>"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]</div>

<div>"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]</div>

<div>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]</div>

<div>"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]</div>

<div>"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-02-06 934240]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div>

<div>"ConsentPromptBehaviorAdmin"= 5 (0x5)</div>

<div>"ConsentPromptBehaviorUser"= 3 (0x3)</div>

<div>"EnableUIADesktopToggle"= 0 (0x0)</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]</div>

<div>"aux"=wdmaud.drv</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]</div>

<div>BootExecute<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ   <span class="Apple-tab-span" style="white-space:pre"> </span>autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]</div>

<div>@="Service"</div>

<div>.</div>

<div>R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]</div>

<div>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]</div>

<div>R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]</div>

<div>R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]</div>

<div>R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]</div>

<div>R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]</div>

<div>R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]</div>

<div>R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]</div>

<div>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]</div>

<div>R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-06 21384]</div>

<div>S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]</div>

<div>S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]</div>

<div>S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]</div>

<div>S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]</div>

<div>S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]</div>

<div>S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-02-06 748440]</div>

<div>S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]</div>

<div>S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]</div>

<div>S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]</div>

<div>S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]</div>

<div>S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]</div>

<div>S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]</div>

<div>.</div>

<div>.</div>

<div>--- Other Services/Drivers In Memory ---</div>

<div>.</div>

<div>*NewlyCreated* - WS2IFSL</div>

<div>.</div>

<div>Contents of the 'Scheduled Tasks' folder</div>

<div>.</div>

<div>2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div>

<div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 23:34]</div>

<div>.</div>

<div>2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div>

<div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 23:34]</div>

<div>.</div>

<div>2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2792723376-3193599209-4087185376-1001Core.job</div>

<div>- c:\users\Darlene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 15:37]</div>

<div>.</div>

<div>2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2792723376-3193599209-4087185376-1001UA.job</div>

<div>- c:\users\Darlene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 15:37]</div>

<div>.</div>

<div>2012-02-23 c:\windows\Tasks\HPCeeScheduleForDarlene.job</div>

<div>- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]</div>

<div>.</div>

<div>2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job</div>

<div>- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]</div>

<div>.</div>

<div>.</div>

<div>--------- x86-64 -----------</div>

<div>.</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]</div>

<div>"LoadAppInit_DLLs"=0x0</div>

<div>.</div>

<div>------- Supplementary Scan -------</div>

<div>.</div>

<div>uStart Page = hxxp://www.pogo.com/</div>

<div>uLocal Page = c:\windows\system32\blank.htm</div>

<div>mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt</div>

<div>mLocal Page = c:\windows\SysWOW64\blank.htm</div>

<div>uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=AAF00B3001CCF4E800D9CE4A&src_id=30504&camp_id=3906&tb_version=1.1.3001.0(B)</div>

<div>IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html</div>

<div>TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100</div>

<div>.</div>

<div>- - - - ORPHANS REMOVED - - - -</div>

<div>.</div>

<div>Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe</div>

<div>AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe</div>

<div>AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe</div>

<div>.</div>

<div>.</div>

<div>.</div>

<div>--------------------- LOCKED REGISTRY KEYS ---------------------</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="FlashBroker"</div>

<div>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]</div>

<div>"Enabled"=dword:00000001</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]</div>

<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="Shockwave Flash Object"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"</div>

<div>"ThreadingModel"="Apartment"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</div>

<div>@="0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</div>

<div>@="ShockwaveFlash.ShockwaveFlash.10"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</div>

<div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</div>

<div>@="1.0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div>

<div>@="ShockwaveFlash.ShockwaveFlash"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="Macromedia Flash Factory Object"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"</div>

<div>"ThreadingModel"="Apartment"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</div>

<div>@="FlashFactory.FlashFactory.1"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</div>

<div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</div>

<div>@="1.0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div>

<div>@="FlashFactory.FlashFactory"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="IFlashBroker4"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]</div>

<div>@="{00020424-0000-0000-C000-000000000046}"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]</div>

<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div>

<div>"Version"="1.0"</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</div>

<div>@Denied: (A) (Users)</div>

<div>@Denied: (A) (Everyone)</div>

<div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div>

<div>"BlindDial"=dword:00000000</div>

<div>"MSCurrentCountry"=dword:000000b5</div>

<div>.</div>

<div>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]</div>

<div>@Denied: (Full) (Everyone)</div>

<div>.</div>

<div>------------------------ Other Running Processes ------------------------</div>

<div>.</div>

<div>c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe</div>

<div>c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE</div>

<div>c:\program files (x86)\Brownie\brpjp04a.exe</div>

<div>.</div>

<div>**************************************************************************</div>

<div>.</div>

<div>Completion time: 2012-03-03  12:20:38 - machine was rebooted</div>

<div>ComboFix-quarantined-files.txt  2012-03-03 18:20</div>

<div>.</div>

<div>Pre-Run: 429,059,964,928 bytes free</div>

<div>Post-Run: 429,296,713,728 bytes free</div>

<div>.</div>

<div>- - End Of File - - F6F20D961E21F5CB877F61B0DA730DDB</div>

<div> </div>

<div> </div>

<div> </div>

<div> </div>

<div>Updated and ran Malwarebytes in quick scan mode...here is the report:</div>

<div> </div>

<div> </div>

<div>

<div>Malwarebytes Anti-Malware 1.60.1.1000</div>

<div>www.malwarebytes.org</div>

<div> </div>

<div>Database version: v2012.03.03.07</div>

<div> </div>

<div>Windows 7 x64 NTFS</div>

<div>Internet Explorer 8.0.7600.16385</div>

<div>Darlene :: DARLENE-PC [administrator]</div>

<div> </div>

<div>3/3/2012 12:33:45 PM</div>

<div>mbam-log-2012-03-03 (12-33-45).txt</div>

<div> </div>

<div>Scan type: Quick scan</div>

<div>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</div>

<div>Scan options disabled: P2P</div>

<div>Objects scanned: 221859</div>

<div>Time elapsed: 4 minute(s), 38 second(s)</div>

<div> </div>

<div>Memory Processes Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Memory Modules Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Registry Keys Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Registry Values Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Registry Data Items Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Folders Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>Files Detected: 0</div>

<div>(No malicious items detected)</div>

<div> </div>

<div>(end)</div>

<div> </div>

</div>

<div> </div>

<div>Malwarebytes completed the quick scan with no objects detected and also during the scan AVG antivirus DID NOT pop up with any threats detected like it did before. Does this mean that it is clean????</div>

<div> </div>

<div>Thanks so much for your help...</div>

<div> </div>

Link to post
Share on other sites

Some how, some way, my comments at the end of the last post got put into the end of the malwarebytes report!! I meant to say:

Malwarebytes completed the quick scan with no objects detected and also during the scan AVG antivirus DID NOT pop up with any threats detected like it did before. Does this mean that it is clean????

Thanks so much for your help...

Darryl

Link to post
Share on other sites

Let me repost the combofix report and malware report again......

COMBOFIX REPORT:

ComboFix 12-03-02.01 - Darlene 03/03/2012 12:02:18.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2942.1982 [GMT -6:00]

Running from: c:\users\Darlene\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\LP

c:\program files (x86)\LP\EF2A\36CF.tmp

c:\program files (x86)\LP\EF2A\878B.tmp

c:\program files (x86)\LP\EF2A\98BE.tmp

c:\program files (x86)\LP\EF2A\AA96.tmp

c:\programdata\~zCxZvAkflklsr3

c:\programdata\~zCxZvAkflklsr3r

c:\programdata\zCxZvAkflklsr3

c:\users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

.

.

((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))

.

.

2012-03-03 18:10 . 2012-03-03 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-02 02:51 . 2012-03-02 02:51 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-27 03:23 . 2012-02-27 03:23 -------- d-----w- c:\users\Darlene\New folder

2012-02-27 00:41 . 2012-02-27 00:41 -------- d-----w- c:\program files (x86)\alotappbar

2012-02-27 00:41 . 2012-02-27 00:41 -------- d-----w- c:\users\Darlene\AppData\Local\DownloadManager

2012-02-27 00:41 . 2012-02-27 00:41 -------- d-----w- c:\program files (x86)\Download Manager

2012-02-26 17:14 . 2012-02-26 17:14 -------- d-----w- c:\program files (x86)\Application Updater

2012-02-26 17:14 . 2012-02-26 17:14 -------- d-----w- c:\program files (x86)\IObit Toolbar

2012-02-26 17:14 . 2012-02-26 17:14 -------- d-----w- c:\program files (x86)\Common Files\Spigot

2012-02-26 17:04 . 2012-02-26 17:04 -------- d-----w- c:\programdata\IObit

2012-02-26 17:04 . 2012-02-26 18:52 -------- d-----w- c:\users\Darlene\AppData\Roaming\IObit

2012-02-26 17:04 . 2012-02-26 17:13 -------- d-----w- c:\program files (x86)\IObit

2012-02-23 23:35 . 2012-02-23 23:35 -------- d-----w- c:\program files\Google

2012-02-23 23:34 . 2012-02-23 23:35 -------- d-----w- c:\program files (x86)\Google

2012-02-23 23:34 . 2012-02-23 23:34 -------- d-----w- c:\windows\system32\Macromed

2012-02-19 09:13 . 2012-02-19 09:13 -------- d-----w- C:\$AVG

2012-02-19 00:52 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-19 00:52 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-19 00:52 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-19 00:52 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-18 20:16 . 2012-02-18 20:16 -------- d-----w- c:\users\Darlene\AppData\Roaming\AVG2012

2012-02-18 20:15 . 2012-02-18 20:15 -------- d--h--w- c:\programdata\Common Files

2012-02-18 20:15 . 2012-02-18 20:15 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-02-18 20:14 . 2012-03-03 14:14 -------- d-----w- c:\windows\system32\drivers\AVG

2012-02-18 20:14 . 2012-02-18 20:30 -------- d-----w- c:\programdata\AVG2012

2012-02-18 20:13 . 2012-02-18 20:13 -------- d-----w- c:\program files (x86)\AVG

2012-02-18 20:12 . 2012-03-03 14:14 -------- d-----w- c:\programdata\MFAData

2012-02-18 16:47 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-18 16:46 . 2012-02-18 16:46 -------- d-----w- c:\windows\SysWow64\Adobe

2012-02-18 16:44 . 2012-02-18 16:44 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-02-18 16:40 . 2012-02-18 16:40 -------- d-----w- c:\program files\CCleaner

2012-02-18 15:47 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6BDED63-7DCF-48C3-AAFC-D336D929D82C}\mpengine.dll

2012-02-18 15:27 . 2012-02-18 15:43 -------- d-----w- c:\users\Admin

2012-02-17 14:22 . 2012-02-18 15:43 -------- d-----w- c:\users\Darlene\AppData\Roaming\23954

2012-02-17 14:21 . 2012-02-18 15:43 -------- d-----w- c:\users\Darlene\AppData\Roaming\A0A23

2012-02-17 05:15 . 2012-02-18 15:43 -------- d-----w- c:\program files (x86)\23954

2012-02-16 18:26 . 2012-02-16 18:26 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\5A73.tmp

2012-02-16 18:26 . 2012-02-16 18:26 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\5A53.tmp

2012-02-06 22:41 . 2005-05-26 21:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll

2012-02-06 22:41 . 2005-05-26 21:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll

2012-02-06 22:39 . 2012-02-18 15:36 -------- d-----w- c:\users\Public\Phantom EFX

2012-02-06 19:58 . 2012-02-06 19:58 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

2012-02-06 05:51 . 2012-02-06 05:51 -------- d-----w- c:\windows\Sun

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 23:34 . 2011-08-17 17:46 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-31 00:47 . 2012-01-31 00:47 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\BA72.tmp

2012-01-31 00:47 . 2012-01-31 00:47 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\BA61.tmp

2012-01-27 06:52 . 2009-10-30 21:21 279656 ----a-w- c:\windows\system32\MpSigStub.exe

2011-12-07 23:17 . 2011-12-07 23:17 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]

2012-02-15 17:47 48488 ----a-w- c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]

2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]

2009-11-25 17:47 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files (x86)\alotappbar\bin\ALOTHelper.dll" [2012-02-15 48488]

.

[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-23 39408]

"DownloadManager"="c:\program files (x86)\Download Manager\DownloadManager.exe" [2012-02-27 654336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2008-09-18 967168]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-30 149280]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-02-06 934240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 136176]

R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]

R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-06 21384]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-02-06 748440]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 23:34]

.

2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 23:34]

.

2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2792723376-3193599209-4087185376-1001Core.job

- c:\users\Darlene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 15:37]

.

2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2792723376-3193599209-4087185376-1001UA.job

- c:\users\Darlene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-27 15:37]

.

2012-02-23 c:\windows\Tasks\HPCeeScheduleForDarlene.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]

.

2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.pogo.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Presario&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=AAF00B3001CCF4E800D9CE4A&src_id=30504&camp_id=3906&tb_version=1.1.3001.0(B)

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Brownie\brpjp04a.exe

.

**************************************************************************

.

Completion time: 2012-03-03 12:20:38 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-03 18:20

.

Pre-Run: 429,059,964,928 bytes free

Post-Run: 429,296,713,728 bytes free

.

- - End Of File - - F6F20D961E21F5CB877F61B0DA730DDB

MALWARE BYTES REPORT

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.03.07

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Darlene :: DARLENE-PC [administrator]

3/3/2012 12:33:45 PM

mbam-log-2012-03-03 (12-33-45).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 221859

Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Sorry for the confusion.......Darryl

Link to post
Share on other sites

Mr. C. ....

I just did about 15 random searches with no mis-directed searches, what I searched for is what came up. Also, it appears that the computer is slightly faster. So, it appears that her computer is functioning correctly. Do I need to update anything? Java, flash player, etc. I am suggesting that she no longer use internet explorer and she is now using Google Chrome. I need to check to see if there are any Windows 7 updates, didn't want to do that till we got rid of the virus/trojon horses. Do I also need to remove the dianostic programs I downloaded?

She spends a lot of time on Facebook/farmville. Do you suggest any extra precautions? One other note, along with Malwarebytes, AVG antivirus, I have the Windows 7 firewall turned on. Is that sufficient?

Thanks again.....Darryl

Link to post
Share on other sites

Good!

--------------------------------

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

--------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.