
eximious redirect virus

Discussion in 'Virus & Other Malware Removal' started by a23kiki23, Oct 31, 2011.

    a23kiki23 (Thread Starter):
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Starter, 32 bit
    Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz, x64 Family 6 Model 28 Stepping 10
    Processor Count: 2
    RAM: 1013 Mb
    Graphics Card: Intel(R) Graphics Media Accelerator 3150, 256 Mb
    Hard Drives: C: Total - 226080 MB, Free - 202883 MB;
    Motherboard: Acer, AO532h
    Antivirus: None

    I have AVG running on this computer.

    When I ran HJT I got the following error message:
    "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.
    If that happens, you need to edit the file yourself. To do this, click Start, Run and type:
    notepad C:\Windows\System32\drivers\etc\hosts
    and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.
    For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'."

    Also, http://gmer.net/index.php was not loading at the time of this posting. Not sure if the site is down or not, but I couldn't access it.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:06:45 PM, on 10/31/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WhatPulse\WhatPulse.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Users\ktolsen\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
    C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
    O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [emsisoft anti-malware] "C:\Program Files\Emsisoft Anti-Malware\a2guard.exe" /d=60
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Acer VCM.lnk = ?
    O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
    O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Unknown owner - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files\Acer\Registration\GregHSRW.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

    --
    End of file - 9394 bytes




    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by ktolsen at 16:56:45 on 2011-10-31
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.183 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\3426840871:3633233459.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Acer\Registration\GregHSRW.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WhatPulse\WhatPulse.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Users\ktolsen\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
    C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\ktolsen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\Partner.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\users\ktolsen\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WhatPulse] c:\program files\whatpulse\WhatPulse.exe
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
    mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [NortonOnlineBackupReminder] "c:\program files\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
    StartupFolder: c:\users\ktolsen\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
    StartupFolder: c:\users\ktolsen\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    TCP: DhcpNameServer = 192.168.7.254
    TCP: Interfaces\{9DC33528-B535-42ED-B067-337E18BFBF9F} : DhcpNameServer = 192.168.7.254
    TCP: Interfaces\{9DC33528-B535-42ED-B067-337E18BFBF9F}\5575E45647 : DhcpNameServer = 144.92.254.254 128.104.254.254
    TCP: Interfaces\{9DC33528-B535-42ED-B067-337E18BFBF9F}\94D602F6E602160226F61647 : DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
    TCP: Interfaces\{9DC33528-B535-42ED-B067-337E18BFBF9F}\B45667F623 : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2011-10-31 17904]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-1-8 107016]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-1-8 727584]
    R2 Greg_Service;GRegService;c:\program files\acer\registration\GregHSRW.exe [2009-8-28 1150496]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2010-1-8 54784]
    S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-10-31 3074040]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
    S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-25 135664]
    S2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-1-8 253952]
    S2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-1-8 240160]
    S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-10-31 51632]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-1-8 103296]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-25 135664]
    S3 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2009-9-10 305448]
    S3 Partner Service;Partner Service;c:\programdata\partner\Partner.exe [2010-1-8 332272]
    .
    =============== Created Last 30 ================
    .
    2011-10-31 21:56:50 41680 ----a-w- c:\windows\system32\drivers\hoxbgkwk.sys
    2011-10-31 21:52:25 388096 ----a-r- c:\users\ktolsen\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-10-31 21:52:25 -------- d-----w- c:\program files\Trend Micro
    2011-10-31 21:40:17 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7b9bc85c-9ab2-4667-a7fb-a40b4d681712}\offreg.dll
    2011-10-31 21:21:38 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-10-31 07:46:28 -------- d-----w- c:\users\ktolsen\appdata\roaming\TestApp
    2011-10-31 07:10:36 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7b9bc85c-9ab2-4667-a7fb-a40b4d681712}\mpengine.dll
    2011-10-31 07:10:34 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-10-31 05:02:54 -------- d-----w- c:\windows\system32\SPReview
    2011-10-31 05:01:31 -------- d-----w- c:\windows\system32\EventProviders
    2011-10-31 04:49:46 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-10-31 04:49:28 -------- d-----w- c:\users\ktolsen\appdata\roaming\Malwarebytes
    2011-10-31 04:49:12 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-31 04:49:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-30 23:59:19 48016 --sha-w- c:\windows\system32\c_43734.nl_
    2011-10-27 15:31:24 -------- d-----w- C:\cb5d62e224cdaf4a97bfc586
    2011-10-27 15:27:29 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-10-27 15:27:29 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2011-10-27 15:27:29 297808 ----a-w- c:\windows\system32\mscoree.dll
    2011-10-27 15:27:29 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-10-27 15:27:29 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-10-27 14:43:10 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-10-27 14:43:10 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-10-27 14:42:22 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-10-27 03:55:42 280064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
    2011-10-27 03:22:18 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-10-27 03:22:17 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-10-27 03:22:17 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-10-26 18:18:40 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-10-26 18:03:34 -------- d--h--w- C:\$AVG
    2011-10-26 17:58:19 -------- d-sh--w- c:\users\ktolsen\appdata\local\277141cc
    2011-10-26 14:14:55 -------- d-----w- c:\users\ktolsen\appdata\roaming\WhatPulse
    2011-10-26 14:14:50 -------- d-----w- c:\program files\WhatPulse
    2011-10-26 11:40:23 -------- d-----w- C:\DEVICE
    2011-10-26 09:41:04 204288 ----a-w- c:\windows\system32\upnp.dll
    2011-10-26 09:41:01 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2011-10-26 09:40:58 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2011-10-26 09:40:57 80384 ----a-w- c:\windows\system32\davclnt.dll
    2011-10-26 09:40:57 350720 ----a-w- c:\windows\system32\winhttp.dll
    2011-10-26 09:40:57 204800 ----a-w- c:\windows\system32\WebClnt.dll
    2011-10-26 09:40:56 73728 ----a-w- c:\windows\system32\wscsvc.dll
    2011-10-26 09:40:56 51200 ----a-w- c:\windows\system32\wscapi.dll
    2011-10-26 09:40:56 14336 ----a-w- c:\windows\system32\slwga.dll
    2011-10-26 09:40:38 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2011-10-26 09:40:37 1413632 ----a-w- c:\windows\system32\ole32.dll
    2011-10-26 09:39:00 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2011-10-26 09:38:48 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-10-26 09:38:45 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-10-26 09:38:43 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-10-26 09:38:23 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-10-26 09:38:14 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2011-10-26 09:37:56 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-10-26 09:36:38 82944 ----a-w- c:\windows\system32\iccvid.dll
    2011-10-26 09:36:38 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2011-10-26 09:36:26 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-10-26 09:36:24 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-10-26 09:36:04 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-26 09:36:04 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-26 09:35:23 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-10-26 09:35:21 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-10-26 09:34:56 285696 ----a-w- c:\windows\system32\winlogon.exe
    2011-10-26 09:34:49 109056 ----a-w- c:\windows\system32\t2embed.dll
    2011-10-26 09:34:44 516096 ----a-w- c:\program files\windows mail\wab.exe
    2011-10-26 09:33:33 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-26 09:33:32 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-26 09:33:31 204288 ----a-w- c:\windows\system32\MSNP.ax
    2011-10-26 09:33:30 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-26 09:33:30 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-26 09:33:21 224256 ----a-w- c:\windows\system32\schannel.dll
    2011-10-26 09:33:04 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-10-26 09:32:44 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2011-10-26 09:32:43 496128 ----a-w- c:\windows\system32\taskschd.dll
    2011-10-26 09:32:42 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-10-26 09:32:42 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2011-10-26 09:32:42 192000 ----a-w- c:\windows\system32\taskeng.exe
    2011-10-26 09:32:41 179712 ----a-w- c:\windows\system32\schtasks.exe
    2011-10-26 09:32:22 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2011-10-26 09:32:22 1037312 ----a-w- c:\windows\system32\lsasrv.dll
    2011-10-26 09:32:15 37376 ----a-w- c:\windows\system32\rtutils.dll
    2011-10-26 09:32:02 1619968 ----a-w- c:\program files\windows mail\msoe.dll
    2011-10-26 09:31:46 541184 ----a-w- c:\windows\system32\kerberos.dll
    2011-10-26 09:31:28 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-10-26 09:31:25 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-10-26 09:31:25 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-10-26 09:31:11 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-26 09:31:11 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-26 09:30:39 573440 ----a-w- c:\windows\system32\odbc32.dll
    2011-10-26 09:30:35 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2011-10-26 09:30:34 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2011-10-26 09:30:33 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2011-10-26 09:30:33 208896 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2011-10-26 09:30:03 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-10-26 09:27:54 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-10-26 09:27:41 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-10-26 09:27:23 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-26 09:27:12 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2011-10-26 09:27:02 530432 ----a-w- c:\windows\system32\comctl32.dll
    2011-10-26 09:26:53 954752 ----a-w- c:\windows\system32\mfc40.dll
    2011-10-26 09:26:53 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2011-10-26 09:26:42 2332672 ----a-w- c:\windows\system32\win32k.sys
    2011-10-26 09:24:50 1401856 ----a-w- c:\windows\system32\mssrch.dll
    2011-10-26 09:24:49 1553920 ----a-w- c:\windows\system32\tquery.dll
    2011-10-26 09:24:44 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-10-26 09:24:44 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-10-26 09:24:43 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-10-26 09:24:42 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-10-26 09:24:42 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-10-26 09:24:41 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-10-26 09:24:41 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-10-26 09:24:23 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-10-26 09:24:12 70656 ----a-w- c:\windows\system32\fontsub.dll
    2011-10-26 09:24:05 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-10-26 09:22:41 2614784 ----a-w- c:\windows\explorer.exe
    2011-10-26 09:22:30 314368 ----a-w- c:\windows\system32\webio.dll
    2011-10-26 09:18:08 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2011-10-26 09:18:08 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2011-10-26 09:18:08 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2011-10-26 09:18:08 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2011-10-26 09:18:07 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
    2011-10-26 09:18:06 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2011-10-26 09:16:55 1289536 ----a-w- c:\windows\system32\ntdll.dll
    2011-10-26 09:16:38 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2011-10-26 09:16:27 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-10-26 09:16:04 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-10-26 09:16:01 3181568 ----a-w- c:\windows\system32\mf.dll
    2011-10-26 09:15:56 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2011-10-26 09:15:55 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-10-26 09:15:55 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-10-26 09:15:55 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2011-10-26 09:15:54 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-10-26 09:15:21 101760 ----a-w- c:\windows\system32\consent.exe
    2011-10-26 09:14:52 369152 ----a-w- c:\windows\system32\secproc.dll
    2011-10-26 09:14:52 365568 ----a-w- c:\windows\system32\secproc_isv.dll
    2011-10-26 09:14:36 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2011-10-26 09:14:36 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2011-10-26 09:14:36 320512 ----a-w- c:\windows\system32\RMActivate.exe
    2011-10-26 09:14:35 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
    2011-10-26 09:14:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2011-10-26 09:14:30 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2011-10-26 09:14:07 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-10-26 09:14:05 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-10-26 09:12:54 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
    2011-10-26 09:12:41 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2011-10-26 09:12:12 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-10-26 09:11:58 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-10-26 08:22:33 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-10-26 08:22:30 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-10-26 08:22:29 107520 ----a-w- c:\windows\system32\cdd.dll
    2011-10-26 00:19:02 -------- d-----w- c:\windows\NAPP_Dism_Log
    2011-10-25 23:26:10 -------- d-----w- c:\windows\system32\Lang
    2011-10-25 23:26:09 1002008 ----a-w- c:\windows\system32\igxpun.exe
    2011-10-25 22:49:34 -------- d-----r- c:\program files\Skype
    2011-10-25 22:40:05 -------- d-----w- c:\users\ktolsen\appdata\local\Evernote
    2011-10-25 22:39:25 -------- d-----w- c:\program files\Evernote
    2011-10-25 22:34:00 -------- d-----w- c:\users\ktolsen\appdata\roaming\AVG2012
    2011-10-25 22:31:53 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-10-25 22:31:53 -------- d-----w- c:\programdata\AVG2012
    2011-10-25 22:30:35 -------- d-----w- c:\program files\AVG
    2011-10-25 22:24:32 -------- d--h--w- c:\programdata\Common Files
    2011-10-25 22:24:12 -------- d-----w- c:\programdata\MFAData
    2011-10-25 22:16:26 -------- d-----w- c:\users\ktolsen\appdata\local\Apps
    2011-10-25 22:16:24 -------- d-----w- c:\users\ktolsen\appdata\local\Deployment
    2011-10-25 22:12:12 -------- d-----w- c:\users\ktolsen\appdata\local\Google
    2011-10-25 21:51:11 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2011-10-25 21:50:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-10-25 21:49:14 -------- d-----w- c:\program files\Microsoft
    2011-10-25 21:48:48 -------- d-----w- c:\program files\Windows Live SkyDrive
    2011-10-25 21:47:46 74520 ----a-w- c:\program files\common files\windows live\.cache\bb4d28591cc935f\DSETUP.dll
    2011-10-25 21:47:46 484632 ----a-w- c:\program files\common files\windows live\.cache\bb4d28591cc935f\DXSETUP.exe
    2011-10-25 21:47:46 1670936 ----a-w- c:\program files\common files\windows live\.cache\bb4d28591cc935f\dsetup32.dll
    2011-10-25 21:46:46 141402440 ----a-w- c:\program files\common files\windows live\.cache\wlc5977.tmp
    2011-10-25 21:46:16 -------- d-----w- c:\program files\common files\Windows Live
    2011-10-25 21:44:35 106496 ----a-w- c:\windows\FixUVC.exe
    2011-10-25 21:42:45 -------- d-----w- c:\program files\Synaptics
    2011-10-25 21:39:13 -------- d---a-w- C:\book
    2011-10-25 21:39:13 -------- d-----w- c:\programdata\McQcModifier-5c47-a7b0
    2011-10-25 21:39:09 -------- d-----w- c:\users\ktolsen\appdata\roaming\Acer
    2011-10-25 21:38:56 -------- d-----w- c:\users\ktolsen\appdata\local\EgisTec
    2011-10-25 21:36:29 -------- d-----w- c:\program files\OEM
    2011-10-25 21:36:16 -------- d-----w- c:\programdata\OEM_E471269A730D
    2011-10-25 21:36:07 172032 ----a-w- c:\windows\system32\wintrust.dll
    2011-10-25 21:36:05 132608 ----a-w- c:\windows\system32\cabview.dll
    .
    ==================== Find3M ====================
    .
    2011-10-25 23:26:43 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
    2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    .
    ============= FINISH: 16:59:36.69 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Starter
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/25/2011 4:32:36 PM
    System Uptime: 10/31/2011 4:37:13 PM (0 hours ago)
    .
    Motherboard: Acer | | AO532h
    Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz | CPU | 999/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 221 GiB total, 198.137 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP15: 10/31/2011 12:02:32 AM - Windows 7 Service Pack 1
    RP16: 10/31/2011 2:09:53 AM - Windows Update
    RP18: 10/31/2011 2:23:22 AM - Windows Defender Checkpoint
    RP19: 10/31/2011 2:51:38 AM - Windows Modules Installer
    RP20: 10/31/2011 4:51:30 PM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Acer Assist
    Acer Crystal Eye webcam Ver:1.1.121.1113
    Acer ePower Management
    Acer eRecovery Management
    Acer Games
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acer VCM
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1 MUI
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    AVG 2012
    Compatibility Pack for the 2007 Office system
    eBay Worldwide
    Emsisoft Anti-Malware
    eSobi v2
    Evernote v. 4.5.1
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Identity Card
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    Junk Mail filter update
    Launch Manager
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MSVCRT
    MyWinLocker
    Norton Online Backup
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype™ 5.5
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Welcome Center
    WhatPulse 1.7
    Windows Driver Package - ENE (EUCR) USB (11/23/2009 5.89.0.62)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/31/2011 9:49:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    10/31/2011 4:40:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    10/31/2011 4:39:11 PM, Error: Service Control Manager [7000] - The Emsisoft Anti-Malware 6.0 - Service service failed to start due to the following error: Access is denied.
    10/31/2011 4:37:56 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.
    10/31/2011 4:37:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Updater Service service to connect.
    10/31/2011 4:37:55 PM, Error: Service Control Manager [7000] - The Updater Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/31/2011 4:37:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Raw Socket Service service to connect.
    10/31/2011 4:37:40 PM, Error: Service Control Manager [7000] - The Raw Socket Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/31/2011 4:37:39 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    10/31/2011 4:34:31 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/31/2011 4:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/31/2011 4:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/31/2011 4:34:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/31/2011 4:34:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/31/2011 4:34:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/31/2011 4:34:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/31/2011 4:34:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx vwififlt Wanarpv6 WfpLwf
    10/31/2011 4:34:17 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/31/2011 4:34:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/31/2011 4:34:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/31/2011 4:34:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/31/2011 4:34:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/31/2011 4:34:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/31/2011 4:34:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/31/2011 4:34:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/31/2011 4:34:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/31/2011 4:34:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/31/2011 4:34:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/31/2011 4:28:59 PM, Error: Service Control Manager [7031] - The Emsisoft Anti-Malware 6.0 - Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    10/31/2011 3:16:31 AM, Error: Service Control Manager [7034] - The ThreatFire service terminated unexpectedly. It has done this 1 time(s).
    10/31/2011 3:16:18 AM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/31/2011 2:50:57 PM, Error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: Access is denied.
    10/31/2011 1:36:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    10/31/2011 1:13:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB982018).
    10/31/2011 1:13:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2529073).
    10/31/2011 1:13:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2492386).
    10/31/2011 1:13:09 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2532531).
    10/31/2011 1:08:13 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    10/30/2011 8:46:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xa607d7b0, 0x00000002, 0x00000000, 0x81eac6fd). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 103011-24382-01.
    10/30/2011 8:34:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xa4c16800, 0x00000002, 0x00000000, 0x81ea56fd). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 103011-24180-01.
    10/30/2011 11:34:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB982018).
    10/30/2011 11:34:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB2529073).
    10/30/2011 11:34:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB2492386).
    10/30/2011 11:34:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB2532531).
    10/28/2011 11:24:11 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xc1d8e008, 0x00000002, 0x00000000, 0x81e7b6fd). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102811-47861-01.
    10/28/2011 10:22:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
    10/27/2011 4:00:34 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{9DC33528-B535-42ED-B067-337E18BFBF9F} because another computer on the network has the same name. The server could not start.
    10/27/2011 11:38:36 AM, Error: Service Control Manager [7023] -
    10/27/2011 11:35:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    10/26/2011 12:59:02 PM, Error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
    10/25/2011 6:25:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    10/25/2011 6:03:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.
    10/25/2011 6:03:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    10/25/2011 10:40:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    .
    ==== End Of File ===========================
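The Event Viewer section of the DDS attach log above shows a combination worth recognising on its own: the installed security products (AVG, Emsisoft, ThreatFire) fail to start with "Access is denied", one AVG service binary fails Windows signature verification, and the TCP/IP stack's boot-start drivers (AFD, Tcpip, NetBT, ...) do not load, which explains the cascade of 7001 dependency errors. As an added example that is not part of this thread, the script below parses lines in the DDS event format and flags that combination; the service-name hints, the driver lists and the flagging threshold are its own assumptions.

```python
"""
Added example (not part of the thread): triage DDS-style 'Event Viewer Messages'
lines for the pattern seen in the post above, where security products are
blocked from starting while core network drivers fail to load.
Service-name hints, driver lists and the flagging threshold are this example's
own assumptions; adjust them for your environment.
"""
import re
from collections import Counter

# Sample input: lines copied from the DDS attach log posted above, in the
# "<date time>, <level>: <source> [<event id>] - <message>" layout DDS uses.
SAMPLE_EVENTS = """\
10/31/2011 4:39:11 PM, Error: Service Control Manager [7000] - The Emsisoft Anti-Malware 6.0 - Service service failed to start due to the following error: Access is denied.
10/31/2011 4:37:56 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.
10/31/2011 4:37:39 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
10/31/2011 4:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/31/2011 4:34:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx vwififlt Wanarpv6 WfpLwf
10/31/2011 2:50:57 PM, Error: Service Control Manager [7000] - The ThreatFire service failed to start due to the following error: Access is denied.
10/25/2011 6:25:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
"""

EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<message>.+)$"
)
# SCM event 7000: "The <name> service failed to start due to the following error: <reason>"
SERVICE_START_RE = re.compile(
    r"^The (?P<service>.+?) service failed to start due to the following error: (?P<reason>.+)$"
)
# SCM event 7026: "... driver(s) failed to load: <space-separated driver names>"
DRIVER_LOAD_RE = re.compile(r"driver\(s\) failed to load: (?P<drivers>.+)$")

# Assumed hints for the security products installed on the machine in this thread.
SECURITY_SERVICE_HINTS = ("avg", "emsisoft", "threatfire", "defender", "malwarebytes")
SECURITY_DRIVER_PREFIX = "avg"
# Assumed: the core TCP/IP stack drivers whose failure explains the 7001
# dependency errors (DHCP Client, DNS Client, Workstation, ...) in the same log.
NETWORK_STACK_DRIVERS = {"AFD", "Tcpip", "NetBT", "NetBIOS", "tdx", "nsiproxy"}


def parse_event(line):
    """Split one DDS event line into its fields; return None for lines that do not fit."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(event):
    """Return (tag, detail) findings for one parsed event; an empty list means nothing notable."""
    findings = []
    if event["source"] != "Service Control Manager":
        return findings
    event_id, msg = int(event["event_id"]), event["message"]
    if event_id == 7000:
        m = SERVICE_START_RE.match(msg)
        if not m:
            return findings
        service, reason = m.group("service"), m.group("reason")
        is_security = any(h in service.lower() for h in SECURITY_SERVICE_HINTS)
        if is_security and reason.startswith("Access is denied"):
            findings.append(("security_service_access_denied", service))
        if "cannot verify the digital signature" in reason:
            # A service binary that no longer passes signature checks may have been modified.
            findings.append(("signature_verification_failed", service))
    elif event_id == 7026:
        m = DRIVER_LOAD_RE.search(msg)
        if m:
            drivers = m.group("drivers").split()
            sec = [d for d in drivers if d.lower().startswith(SECURITY_DRIVER_PREFIX)]
            net = [d for d in drivers if d in NETWORK_STACK_DRIVERS]
            if sec:
                findings.append(("security_driver_not_loaded", ", ".join(sec)))
            if net:
                findings.append(("network_stack_driver_not_loaded", ", ".join(net)))
    return findings


def triage(log_text):
    """Scan a block of DDS event lines; return counts per tag, the individual findings,
    and a flag set when security tooling looks blocked rather than merely misconfigured."""
    counts, findings = Counter(), []
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue
        for tag, detail in classify(event):
            counts[tag] += 1
            findings.append((event["when"], tag, detail))
    # Assumed threshold: more than one security service denied access, or any
    # signature failure / security driver not loading, is treated as tampering.
    tooling_blocked = (
        counts["security_service_access_denied"] >= 2
        or counts["signature_verification_failed"] >= 1
        or counts["security_driver_not_loaded"] >= 1
    )
    return {"counts": counts, "findings": findings, "tooling_blocked": tooling_blocked}
```

Run `triage(SAMPLE_EVENTS)` to get six findings and `tooling_blocked` set; events such as the DCOM and cdrom lines produce no findings, so the flag reflects only the security-relevant pattern.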
     
  2. a23kiki23

    a23kiki23 Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    9
    Anytime I search using Google I am redirected to other sites, predominantly eximious search or something like that. I have tried running AVG and Emsisoft; however, neither of them has found anything on the computer.
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Do the following :-

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important

      Before saving Combofix to the Desktop re-name to Gotcha.exe as below:


    • Disable all security programs as they will have a negative effect on Combofix; instructions are available Here if required. Be aware the list may not have all programs listed; if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...

    Kevin
     
  4. a23kiki23

    a23kiki23 Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    9
    ComboFix 11-10-30.04 - ktolsen 10/31/2011 20:33:34.1.2 - x86
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.438 [GMT -5:00]
    Running from: c:\users\ktolsen\Desktop\Gotcha.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB39234$\4184926521
    c:\windows\$NtUninstallKB39234$\661733836\@
    c:\windows\$NtUninstallKB39234$\661733836\L\xadqgnnk
    c:\windows\$NtUninstallKB39234$\661733836\loader.tlb
    c:\windows\$NtUninstallKB39234$\661733836\U\@00000001
    c:\windows\$NtUninstallKB39234$\661733836\U\@000000c0
    c:\windows\$NtUninstallKB39234$\661733836\U\@000000cb
    c:\windows\$NtUninstallKB39234$\661733836\U\@000000cf
    c:\windows\$NtUninstallKB39234$\661733836\U\@80000000
    c:\windows\$NtUninstallKB39234$\661733836\U\@800000c0
    c:\windows\$NtUninstallKB39234$\661733836\U\@800000cb
    c:\windows\$NtUninstallKB39234$\661733836\U\@800000cf
    c:\windows\system32\c_43734.nls
    c:\windows\$NtUninstallKB39234$ . . . . Failed to delete
    .
    Infected copy of c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.1.7600.16385_none_f47d7472a4c4e67e\mscorsvw.exe
    .
    Infected copy of c:\program files\AVG\AVG2012\avgwdsvc.exe was found and disinfected
    Restored copy from - c:\program files\AVG\AVG2012\
    .
    Infected copy of c:\program files\Launch Manager\dsiwmis.exe was found and disinfected
    Restored copy from - c:\program files\Launch Manager\
    .
    c:\program files\Acer\Acer ePower Management\ePowerSvc.exe . . . is infected!!
    c:\program files\Acer\Acer ePower Management\ePowerSvc.exe . . . was deleted!! You should re-install the program it pertains to
    .
    Infected copy of c:\program files\Acer\Registration\GregHSRW.exe was found and disinfected
    Restored copy from - c:\program files\Acer\Registration\
    .
    Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected
    Restored copy from - c:\program files\Google\Update\
    .
    Infected copy of c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe was found and disinfected
    Restored copy from - c:\program files\Intel\Intel Matrix Storage Manager\
    .
    Infected copy of c:\program files\Acer\Acer VCM\RS_Service.exe was found and disinfected
    Restored copy from - c:\program files\Acer\Acer VCM\
    .
    Infected copy of c:\program files\Acer\Acer Updater\UpdaterService.exe was found and disinfected
    Restored copy from - c:\program files\Acer\Acer Updater\
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-01 01:50 . 2011-11-01 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-01 01:35 . 2011-11-01 01:35 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B9BC85C-9AB2-4667-A7FB-A40B4D681712}\offreg.dll
    2011-11-01 01:29 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-10-31 21:52 . 2011-10-31 21:52 -------- d-----w- c:\program files\Trend Micro
    2011-10-31 21:21 . 2011-10-31 21:25 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-10-31 07:10 . 2011-10-18 07:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B9BC85C-9AB2-4667-A7FB-A40B4D681712}\mpengine.dll
    2011-10-31 07:10 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-10-31 05:02 . 2011-10-31 05:02 -------- d-----w- c:\windows\system32\SPReview
    2011-10-31 05:01 . 2011-10-31 05:01 -------- d-----w- c:\windows\system32\EventProviders
    2011-10-31 04:49 . 2011-10-31 07:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-10-31 04:49 . 2011-10-31 04:49 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-31 04:49 . 2011-10-31 07:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-30 23:59 . 2011-10-31 21:34 48016 --sha-w- c:\windows\system32\c_43734.nl_
    2011-10-27 15:31 . 2011-10-27 15:36 -------- d-----w- C:\cb5d62e224cdaf4a97bfc586
    2011-10-27 15:27 . 2009-11-25 17:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-10-27 15:27 . 2009-11-25 17:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2011-10-27 15:27 . 2009-11-25 17:47 297808 ----a-w- c:\windows\system32\mscoree.dll
    2011-10-27 15:27 . 2009-11-25 17:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-10-27 15:27 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-10-27 14:55 . 2011-10-27 14:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-10-27 14:43 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-10-27 14:43 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-10-27 14:42 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-10-27 03:55 . 2011-10-27 03:55 -------- d-----w- c:\programdata\Hewlett-Packard
    2011-10-27 03:55 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
    2011-10-27 03:22 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-10-27 03:22 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-10-27 03:22 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-10-26 18:18 . 2011-10-26 18:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-10-26 18:03 . 2011-10-26 18:03 -------- d-----w- C:\$AVG
    2011-10-26 14:14 . 2011-10-26 14:15 -------- d-----w- c:\program files\WhatPulse
    2011-10-26 11:40 . 2011-10-26 11:40 -------- d-----w- C:\DEVICE
    2011-10-26 09:41 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
    2011-10-26 09:41 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2011-10-26 09:40 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2011-10-26 09:40 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
    2011-10-26 09:40 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
    2011-10-26 09:40 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
    2011-10-26 09:40 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
    2011-10-26 09:40 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
    2011-10-26 09:40 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
    2011-10-26 09:40 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2011-10-26 09:40 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
    2011-10-26 09:39 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2011-10-26 09:38 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-10-26 09:38 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-10-26 09:38 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-10-26 09:38 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2011-10-26 09:37 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-10-26 09:36 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2011-10-26 09:36 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
    2011-10-26 09:36 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-10-26 09:36 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-10-26 09:36 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-26 09:36 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-26 09:35 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-10-26 09:35 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-10-26 09:34 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
    2011-10-26 09:34 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
    2011-10-26 09:34 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2011-10-26 09:33 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-26 09:33 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-26 09:33 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
    2011-10-26 09:33 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-26 09:33 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-26 09:33 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
    2011-10-26 09:33 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-10-26 09:32 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2011-10-26 09:32 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
    2011-10-26 09:32 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-10-26 09:32 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2011-10-26 09:32 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
    2011-10-26 09:32 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
    2011-10-26 09:32 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2011-10-26 09:32 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
    2011-10-26 09:32 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
    2011-10-26 09:32 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
    2011-10-26 09:31 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
    2011-10-26 09:31 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-10-26 09:31 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-10-26 09:31 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-10-26 09:31 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-26 09:31 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-26 09:30 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
    2011-10-26 09:30 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-10-26 09:30 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-10-26 09:30 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-10-26 09:30 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-10-26 09:30 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-10-26 09:27 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-10-26 09:27 . 2011-06-21 05:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-10-26 09:27 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-26 09:27 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2011-10-26 09:27 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
    2011-10-26 09:26 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
    2011-10-26 09:26 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2011-10-26 09:26 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys
    2011-10-26 09:24 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
    2011-10-26 09:24 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
    2011-10-26 09:24 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-10-26 09:24 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-10-26 09:24 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-10-26 09:24 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-10-26 09:24 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-10-26 09:24 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-10-26 09:24 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-10-26 09:24 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-10-26 09:24 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
    2011-10-26 09:24 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-10-26 09:22 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
    2011-10-26 09:22 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
    2011-10-26 09:18 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2011-10-26 09:18 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2011-10-26 09:18 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2011-10-26 09:18 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2011-10-26 09:18 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
    2011-10-26 09:18 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2011-10-26 09:16 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
    2011-10-26 09:16 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2011-10-26 09:16 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-10-26 09:16 . 2010-11-02 04:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-10-26 09:16 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
    2011-10-26 09:15 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2011-10-26 09:15 . 2010-11-02 04:35 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-10-26 09:15 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-25 23:26 . 2010-01-09 01:42 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
    2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-08-08 11:08 . 2011-08-08 11:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    2010-01-09 01:55 433648 ----a-w- c:\programdata\Partner\Partner.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-10 13:41 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-09 39408]
    "WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2010-08-09 2922496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-09 8120864]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 703008]
    "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
    "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
    "Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-23 1594664]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
    "emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-10-17 3561872]
    .
    c:\users\ktolsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-9-19 993280]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-1-8 708608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
    R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-10-31 3074040]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
    R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
    R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-08-12 51632]
    R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-11-23 103296]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
    R3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
    R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-01-09 332272]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-11-01 192776]
    S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-11-01 107016]
    S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2011-11-01 1150496]
    S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2011-11-01 253952]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-11-01 240160]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000Core.job
    - c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000UA.job
    - c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
    IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
    TCP: DhcpNameServer = 144.92.254.254 128.104.254.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1796)
    c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\windows\system32\taskhost.exe
    c:\program files\AVG\AVG2012\avgemcx.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\AVG\AVG2012\avgmfapx.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-31 20:59:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-01 01:59
    .
    Pre-Run: 212,208,791,552 bytes free
    Post-Run: 212,294,246,400 bytes free
    .
    - - End Of File - - 3B999828A9817CC0EE3ECD300273AF19
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Ok, continue as follows ;-

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    Killall::
    file::
    c:\windows\system32\c_43734.nl_
    c:\windows\system32\drivers\hoxbgkwk.sys
    folder::
    c:\programdata\Partner
    Dirlook::
    c:\users\ktolsen\appdata\local\277141cc
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here. Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Post those two logs, also give update on issues/concerns...

    Kevin
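As an added example (not part of this thread and not ComboFix code): a small Python triage script that parses the "Files Created" and "Look" entry lines in the ComboFix logs above and flags the patterns the CFScript in the previous post targets (hidden+system files and folders created under system32 or a user's AppData, a folder literally named %APPDATA% inside system32, random hex-named folders). The attribute-letter meanings (d = directory, s = system, h = hidden) and the heuristics are my assumptions, not ComboFix documentation; the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One "Files Created" / "Look" line as ComboFix prints it:
#   <created> . <modified> <size or --------> <attrs> <path>
ENTRY_RE = re.compile(
    r"^\s*(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>\S.*?)\s*$"
)
# Names that are nothing but 8+ hex digits (e.g. 277141cc).
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$")
# A literal environment-variable token (e.g. %APPDATA%) used as a path component.
ENV_TOKEN_RE = re.compile(r"^%[a-z0-9_]+%$")

Reason = Tuple[str, str]  # (severity, description)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None when ComboFix prints "--------" (directories)
    attrs: str            # e.g. "----a-w-", "d-sh--w-", "--sha-w-"
    path: str

    # Assumed attribute letters: d = directory, s = system, h = hidden.
    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one ComboFix entry line; return None for headers, '.', and prose."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def triage(entry: Entry) -> List[Reason]:
    """Heuristic checks modelled on the findings in this thread (assumptions, not ComboFix rules)."""
    reasons: List[Reason] = []
    parts = entry.path.lower().split("\\")
    name, parent = parts[-1], (parts[-2] if len(parts) > 1 else "")
    lowered = "\\".join(parts)
    in_sys32 = "\\windows\\system32\\" in lowered
    in_appdata = "\\appdata\\" in lowered

    # Freshly created hidden+system objects under system32 or a user profile
    # (c_43734.nl_, 277141cc\@ in the logs above) deserve a close look.
    if entry.hidden and entry.system and (in_sys32 or in_appdata):
        kind = "directory" if entry.is_dir else "file"
        reasons.append(("high", f"hidden+system {kind} under system32/AppData"))
    # A folder literally named %APPDATA% inside system32 mimics an environment variable.
    if ENV_TOKEN_RE.match(name):
        reasons.append(("high", "literal environment-variable token used as a name"))
    # Random hex-named folders are also produced by installers/updaters: review, don't condemn.
    if entry.is_dir and HEX_NAME_RE.match(name):
        reasons.append(("low", "directory named with a random-looking hex string"))
    if not entry.is_dir and HEX_NAME_RE.match(parent):
        reasons.append(("low", "file inside a random-looking hex-named directory"))
    return reasons


def scan_log(text: str) -> Dict[str, List[Reason]]:
    """Return {path: reasons} for every entry that trips at least one check."""
    flagged: Dict[str, List[Reason]] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


# Constructed sample: entry lines copied from the ComboFix logs in this thread, plus a header line.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
.
2011-10-30 23:59 . 2011-10-31 21:34 48016 --sha-w- c:\windows\system32\c_43734.nl_
2011-10-27 15:31 . 2011-10-27 15:36 -------- d-----w- C:\cb5d62e224cdaf4a97bfc586
2011-10-26 18:18 . 2011-10-26 18:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-26 09:16 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
2011-10-31 07:10 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-26 17:58 . 2011-10-26 17:58 2048 --sha-w- c:\users\ktolsen\appdata\local\277141cc\@
"""

if __name__ == "__main__":
    for path, reasons in scan_log(SAMPLE_LOG).items():
        for severity, why in reasons:
            print(f"[{severity.upper():4}] {path}: {why}")
```

Run it against a saved C:\ComboFix.txt by passing the file's contents to scan_log(); the "low" findings are prompts for review, not verdicts.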
     
  6. a23kiki23

    a23kiki23 Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    9
    Seems as if the redirect virus has gone. I don't know whether or not the things you had me run removed it and anything else with it. In addition to whatever you see in the logs, what virus protection software would you recommend?

    ComboFix 11-10-30.04 - ktolsen 11/01/2011 16:20:51.2.2 - x86
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.576 [GMT -5:00]
    Running from: c:\users\ktolsen\Desktop\Gotcha.exe
    Command switches used :: c:\users\ktolsen\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\c_43734.nl_"
    "c:\windows\system32\drivers\hoxbgkwk.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Partner
    c:\programdata\Partner\debug.log
    c:\programdata\Partner\Partner.dll
    c:\programdata\Partner\Partner.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Partner Service
    -------\Service_Partner Service
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-01 21:35 . 2011-11-01 21:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-01 14:44 . 2011-11-01 14:44 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{550C8FCE-2C6B-4CEA-915E-E1E5AB9E1808}\offreg.dll
    2011-11-01 14:44 . 2011-10-18 07:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{550C8FCE-2C6B-4CEA-915E-E1E5AB9E1808}\mpengine.dll
    2011-10-31 21:52 . 2011-10-31 21:52 -------- d-----w- c:\program files\Trend Micro
    2011-10-31 21:21 . 2011-10-31 21:25 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-10-31 07:10 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-10-31 05:02 . 2011-10-31 05:02 -------- d-----w- c:\windows\system32\SPReview
    2011-10-31 05:01 . 2011-10-31 05:01 -------- d-----w- c:\windows\system32\EventProviders
    2011-10-31 04:49 . 2011-10-31 07:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-10-31 04:49 . 2011-10-31 04:49 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-31 04:49 . 2011-10-31 07:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-30 23:59 . 2011-10-31 21:34 48016 --sha-w- c:\windows\system32\c_43734.nl_
    2011-10-27 15:31 . 2011-10-27 15:36 -------- d-----w- C:\cb5d62e224cdaf4a97bfc586
    2011-10-27 15:27 . 2009-11-25 17:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-10-27 15:27 . 2009-11-25 17:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2011-10-27 15:27 . 2009-11-25 17:47 297808 ----a-w- c:\windows\system32\mscoree.dll
    2011-10-27 15:27 . 2009-11-25 17:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-10-27 15:27 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-10-27 14:55 . 2011-10-27 14:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-10-27 14:43 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-10-27 14:43 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-10-27 14:42 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-10-27 03:55 . 2011-10-27 03:55 -------- d-----w- c:\programdata\Hewlett-Packard
    2011-10-27 03:55 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
    2011-10-27 03:22 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-10-27 03:22 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-10-27 03:22 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-10-26 18:18 . 2011-10-26 18:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-10-26 18:03 . 2011-10-26 18:03 -------- d-----w- C:\$AVG
    2011-10-26 14:14 . 2011-10-26 14:15 -------- d-----w- c:\program files\WhatPulse
    2011-10-26 11:40 . 2011-10-26 11:40 -------- d-----w- C:\DEVICE
    2011-10-26 09:41 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
    2011-10-26 09:41 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2011-10-26 09:40 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2011-10-26 09:40 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
    2011-10-26 09:40 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
    2011-10-26 09:40 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
    2011-10-26 09:40 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
    2011-10-26 09:40 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
    2011-10-26 09:40 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
    2011-10-26 09:40 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2011-10-26 09:40 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
    2011-10-26 09:39 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2011-10-26 09:38 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-10-26 09:38 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-10-26 09:38 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-10-26 09:38 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2011-10-26 09:37 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-10-26 09:36 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2011-10-26 09:36 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
    2011-10-26 09:36 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-10-26 09:36 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-10-26 09:36 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-26 09:36 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-26 09:35 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-10-26 09:35 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-10-26 09:34 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
    2011-10-26 09:34 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
    2011-10-26 09:34 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2011-10-26 09:33 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-26 09:33 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-26 09:33 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
    2011-10-26 09:33 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-26 09:33 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-26 09:33 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
    2011-10-26 09:33 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-10-26 09:32 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2011-10-26 09:32 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
    2011-10-26 09:32 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-10-26 09:32 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2011-10-26 09:32 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
    2011-10-26 09:32 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
    2011-10-26 09:32 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2011-10-26 09:32 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
    2011-10-26 09:32 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
    2011-10-26 09:32 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
    2011-10-26 09:31 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
    2011-10-26 09:31 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-10-26 09:31 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-10-26 09:31 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-10-26 09:31 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-26 09:31 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-26 09:30 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
    2011-10-26 09:30 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-10-26 09:30 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-10-26 09:30 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-10-26 09:30 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-10-26 09:30 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-10-26 09:27 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-10-26 09:27 . 2011-06-21 05:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-10-26 09:27 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-26 09:27 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2011-10-26 09:27 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
    2011-10-26 09:26 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
    2011-10-26 09:26 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2011-10-26 09:26 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys
    2011-10-26 09:24 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
    2011-10-26 09:24 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
    2011-10-26 09:24 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-10-26 09:24 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-10-26 09:24 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-10-26 09:24 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-10-26 09:24 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-10-26 09:24 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-10-26 09:24 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-10-26 09:24 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-10-26 09:24 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
    2011-10-26 09:24 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-10-26 09:22 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
    2011-10-26 09:22 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
    2011-10-26 09:18 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2011-10-26 09:18 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2011-10-26 09:18 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2011-10-26 09:18 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2011-10-26 09:18 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
    2011-10-26 09:18 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2011-10-26 09:16 . 2010-10-27 04:40 1289536 ----a-w- c:\windows\system32\ntdll.dll
    2011-10-26 09:16 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2011-10-26 09:16 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-10-26 09:16 . 2010-11-02 04:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-10-26 09:16 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
    2011-10-26 09:15 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2011-10-26 09:15 . 2010-11-02 04:35 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-10-26 09:15 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2011-10-26 09:15 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-25 23:26 . 2010-01-09 01:42 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
    2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-08-08 11:08 . 2011-08-08 11:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\users\ktolsen\appdata\local\277141cc ----
    .
    2011-10-26 17:58 . 2011-10-26 17:58 2048 --sha-w- c:\users\ktolsen\appdata\local\277141cc\@
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-10 13:41 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-09 39408]
    "WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2010-08-09 2922496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-09 8120864]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 703008]
    "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
    "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
    "Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-23 1594664]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
    "emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-10-17 3561872]
    .
    c:\users\ktolsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-9-19 993280]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-1-8 708608]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
    R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-10-31 3074040]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
    R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
    R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-08-12 51632]
    R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-11-23 103296]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
    R3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-11-01 192776]
    S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-11-01 107016]
    S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2011-11-01 1150496]
    S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2011-11-01 253952]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-11-01 240160]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000Core.job
    - c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000UA.job
    - c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
    IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
    TCP: DhcpNameServer = 144.92.254.254 128.104.254.254
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2452)
    c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\AVG\AVG2012\avgemcx.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-01 16:43:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-01 21:43
    ComboFix2.txt 2011-11-01 01:59
    .
    Pre-Run: 211,609,559,040 bytes free
    Post-Run: 211,563,196,416 bytes free
    .
    - - End Of File - - 2455C4550CCB1FDF90A1A306BD9283B4




    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe Win32/Patched.HN trojan
    C:\Program Files\AVG\AVG2012\avgrsx.exe Win32/Patched.HN trojan
    C:\Program Files\Emsisoft Anti-Malware\A2SERVICE.EXE.old Win32/Patched.HN trojan
    C:\Qoobox\Quarantine\C\Program Files\Acer\Acer ePower Management\ePowerSvc.exe.vir Win32/Patched.HN trojan
    C:\Qoobox\Quarantine\C\Program Files\Acer\Acer Updater\UpdaterService.exe.vir Win32/Patched.HN trojan
    C:\Qoobox\Quarantine\C\Program Files\Acer\Acer VCM\RS_Service.exe.vir Win32/Patched.HN trojan
    C:\Qoobox\Quarantine\C\Program Files\Acer\Registration\GregHSRW.exe.vir Win32/Patched.HN trojan
    C:\Qoobox\Quarantine\C\Program Files\AVG\AVG2012\avgwdsvc.exe.vir Win32/Patched.HN trojan
    C:\Qoobox\Quarantine\C\Program Files\Google\Update\GoogleUpdate.exe.vir Win32/Patched.HN trojan
    C:\Qoobox\Quarantine\C\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe.vir Win32/Patched.HN trojan
    C:\Qoobox\Quarantine\C\Program Files\Launch Manager\dsiwmis.exe.vir Win32/Patched.HN trojan
    C:\Qoobox\Quarantine\C\Windows\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan
    C:\Qoobox\Quarantine\C\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe.vir Win32/Patched.HN trojan
    C:\Qoobox\Quarantine\C\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe.vir Win32/Patched.HN trojan
    C:\Windows\System32\c_43734.nl_ a variant of Win32/Sirefef.CR trojan
    C:\Windows\System32\drivers\tdx.sys a variant of Win32/Rootkit.Kryptik.EQ trojan
    C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys a variant of Win32/Rootkit.Kryptik.EQ trojan
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    The re-directs may have ceased but your logs are not clean. OK do the following:

    Step 1

    Please download OTM by OldTimer.
    Alternative Mirror 1
    Alternative Mirror 2
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
    • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      -------------------------------------------------------------------

      :Files
      ipconfig /flushdns /c
      c:\users\ktolsen\appdata\local\277141cc
      c:\windows\system32\c_43734.nl_
      C:\Program Files\Emsisoft Anti-Malware\A2SERVICE.EXE.old
      :Commands
      [EmptyTemp]

      ---------------------------------------------------------------------
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Step 2

    Upload a File to Virustotal
    Please visit Virustotal
    • Click the Browse... button
    • Navigate to the file C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    • Click the Open button
    • Click the Send button
    • If you get a message saying File has already been analyzed: click Reanalyze file now
    • Copy and paste the results back here please.
    • Repeat the above steps for the following files

    C:\Program Files\AVG\AVG2012\avgrsx.exe

    Step 3

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      Code:
      :filefind
      tdx.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Let me see the following in your reply :-

    • Log from OTM
    • Results from VirusTotal
    • Result from SystemLook

    Kevin
     
  8. a23kiki23

    a23kiki23 Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    9
    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\ktolsen\Desktop\cmd.bat deleted successfully.
    C:\Users\ktolsen\Desktop\cmd.txt deleted successfully.
    c:\users\ktolsen\appdata\local\277141cc\U folder moved successfully.
    c:\users\ktolsen\appdata\local\277141cc folder moved successfully.
    c:\windows\system32\c_43734.nl_ moved successfully.
    C:\Program Files\Emsisoft Anti-Malware\A2SERVICE.EXE.old moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: ktolsen
    ->Temp folder emptied: 15386080 bytes
    ->Temporary Internet Files folder emptied: 2974645 bytes
    ->Google Chrome cache emptied: 391666647 bytes
    ->Flash cache emptied: 5682 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 594577 bytes
    RecycleBin emptied: 561454 bytes

    Total Files Cleaned = 392.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 11042011_111419

    Files moved on Reboot...
    C:\Windows\temp\TMP00000003179997C2E0651598 moved successfully.

    Registry entries deleted on Reboot...






    Antivirus Version Last Update Result
    AhnLab-V3 2011.11.04.02 2011.11.04 Win-Trojan/Patched.DD
    AntiVir 7.11.17.14 2011.11.04 W32/PatchLoad.A
    Antiy-AVL 2.0.3.7 2011.11.04 Trojan/win32.agent.gen
    Avast 6.0.1289.0 2011.11.04 Win32:patched-WQ [Trj]
    AVG 10.0.0.1190 2011.11.04 Win32/Katusha.A
    BitDefender 7.2 2011.11.04 Trojan.Patched.HE
    ByteHero 1.0.0.1 2011.11.04 Trojan.Win32.Heur.Gen
    CAT-QuickHeal 11.00 2011.11.04 W32.Patchload.O
    ClamAV 0.97.3.0 2011.11.04 Trojan.Patched-167
    Commtouch 5.3.2.6 2011.11.04 W32/Patched.G
    Comodo 10663 2011.11.04 TrojWare.Win32.Patched.HN
    DrWeb 5.0.2.03300 2011.11.04 Trojan.Starter.1695
    Emsisoft 5.1.0.11 2011.11.04 Trojan-Spy.Win32.Zbot!IK
    eSafe 7.0.17.0 2011.11.02 -
    eTrust-Vet 36.1.8656 2011.11.04 Win32/Patchload.U
    F-Prot 4.6.5.141 2011.11.04 W32/Patched.G
    F-Secure 9.0.16440.0 2011.11.04 Trojan.Patched.HE
    Fortinet 4.3.370.0 2011.11.04 W32/Patched.MF!tr
    GData 22 2011.11.04 Trojan.Patched.HE
    Ikarus T3.1.1.107.0 2011.11.04 Trojan-Spy.Win32.Zbot
    Jiangmin 13.0.900 2011.11.04 TrojanSpy.Zbot.adxr
    K7AntiVirus 9.117.5394 2011.11.04 Trojan
    Kaspersky 9.0.0.837 2011.11.04 Trojan.Win32.Patched.mf
    McAfee 5.400.0.1158 2011.11.04 W32/Katusha
    McAfee-GW-Edition 2010.1D 2011.11.04 W32/Katusha
    Microsoft 1.7801 2011.11.04 Virus:Win32/Patchload.O
    NOD32 6601 2011.11.04 Win32/Patched.HN
    Norman 6.07.13 2011.11.04 W32/Patched.BH
    nProtect 2011-11-04.01 2011.11.04 -
    Panda 10.0.3.5 2011.11.04 W32/Katusha.BN
    PCTools 8.0.0.5 2011.11.04 Trojan.Paccyn
    Prevx 3.0 2011.11.04 -
    Rising 23.82.02.02 2011.11.02 Win32.Loader.li
    Sophos 4.71.0 2011.11.04 W32/Patched-AL
    SUPERAntiSpyware 4.40.0.1006 2011.11.04 -
    Symantec 20111.2.0.82 2011.11.04 Trojan.Paccyn!inf
    TheHacker 6.7.0.1.338 2011.11.04 -
    TrendMicro 9.500.0.1008 2011.11.04 PTCH_KATUSHA.W
    TrendMicro-HouseCall 9.500.0.1008 2011.11.04 PTCH_KATUSHA.W
    VBA32 3.12.16.4 2011.11.04 Trojan-Spy.Zbot.gen
    VIPRE 10962 2011.11.04 Virus.Win32.Agent.mpq (v)
    ViRobot 2011.11.4.4755 2011.11.04 Win32.Patched.BE
    VirusBuster 14.1.45.0 2011.11.04 Win32.Katusha.Gen
    Additional information
    MD5 : 0c6e60a79034a0cc138e08a2688970f3
    SHA1 : fef190f322dee94b705f6885bda452181fbb1959
    SHA256: a59054d0387eca985e303d723289c0bcd5f0ee6a5f50f1fc2c55aa8edc74f045
    ssdeep: 6144:LubwSWb4HgLeqfY4+V2jXvwfSSSflGzA++:LuA8H0lp62jXofgg+
    File size : 469536 bytes
    First seen: 2011-07-25 00:44:30
    Last seen : 2011-11-04 16:15:44
    TrID:
    Win64 Executable Generic (59.6%)
    Win32 Executable MS Visual C++ (generic) (26.2%)
    Win32 Executable Generic (5.9%)
    Win32 Dynamic Link Library (generic) (5.2%)
    Generic Win/DOS Executable (1.3%)
    sigcheck:
    publisher....: Acer Incorporated
    copyright....: (C) All rights reserved
    product......: Power Management
    description..: ePowerEvent
    original name: ePowerEvent.exe
    internal name: ePowerEvent
    file version.: 4, 5, 3004, 0
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x71170
    timedatestamp....: 0x4AC2FB0D (Wed Sep 30 06:30:37 2009)
    machinetype......: 0x14c (I386)

    [[ 4 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x66E4, 0x7000, 6.33, 19be33b26a137b216520fa41780e826d
    .rdata, 0x8000, 0x1E1C, 0x2000, 5.35, 2b1b4af52385fbe0cc54c15015b04c7c
    .data, 0xA000, 0x1B5C, 0x1000, 2.13, ce4027a473b733853b337f1c451041aa
    .rsrc, 0xC000, 0x658F0, 0x66000, 4.63, 8ec0f1d0e4aa057d92c9c49bcccbfa0f

    [[ 2 import(s) ]]
    KERNEL32.dll: GetLastError, CreateMutexW, GetProcAddress, LoadLibraryW, LCMapStringW, LCMapStringA, GetStringTypeW, GetStringTypeA, WideCharToMultiByte, GetLocaleInfoA, HeapSize, RtlUnwind, HeapReAlloc, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleA, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetModuleFileNameW, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LeaveCriticalSection, EnterCriticalSection, LoadLibraryA, InitializeCriticalSection, Sleep, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, VirtualAlloc
    USER32.dll: EndDialog, GetMessageW, BeginPaint, DefWindowProcW, RegisterClassExW, PostQuitMessage, TranslateAcceleratorW, LoadIconW, CreateWindowExW, DialogBoxParamW, EndPaint, LoadStringW, TranslateMessage, DestroyWindow, LoadAcceleratorsW, LoadCursorW, DispatchMessageW
    ExifTool:
    file metadata
    CharacterSet: Unicode
    CodeSize: 28672
    CompanyName: Acer Incorporated
    EntryPoint: 0x71170
    FileDescription: ePowerEvent
    FileFlagsMask: 0x0017
    FileOS: Win32
    FileSize: 459 kB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 4, 5, 3004, 0
    FileVersionNumber: 4.5.3004.0
    ImageVersion: 0.0
    InitializedDataSize: 430080
    InternalName: ePowerEvent
    LanguageCode: English (U.S.)
    LegalCopyright: (C) All rights reserved
    LinkerVersion: 8.0
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 6.1
    ObjectFileType: Executable application
    OriginalFilename: ePowerEvent.exe
    PEType: PE32
    ProductName: Power Management
    ProductVersion: 4, 5, 3004, 0
    ProductVersionNumber: 4.5.3004.0
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2009:09:30 08:30:37+02:00
    UninitializedDataSize: 0





    Antivirus Version Last Update Result
    AhnLab-V3 2011.11.04.02 2011.11.04 Win-Trojan/Patched.DD
    AntiVir 7.11.17.14 2011.11.04 W32/PatchLoad.A
    Antiy-AVL 2.0.3.7 2011.11.04 Trojan/Win32.Patched.gen
    Avast 6.0.1289.0 2011.11.04 Win32:patched-WQ [Trj]
    AVG 10.0.0.1190 2011.11.04 Win32/Katusha.A
    BitDefender 7.2 2011.11.04 Trojan.Generic.6710986
    ByteHero 1.0.0.1 2011.11.04 -
    CAT-QuickHeal 11.00 2011.11.04 W32.Patchload.O
    ClamAV 0.97.3.0 2011.11.04 Trojan.Patched-167
    Commtouch 5.3.2.6 2011.11.04 W32/Patched.G
    Comodo 10663 2011.11.04 TrojWare.Win32.Patched.HN
    DrWeb 5.0.2.03300 2011.11.04 Trojan.Starter.1695
    Emsisoft 5.1.0.11 2011.11.04 Trojan-Spy.Win32.Zbot!IK
    eSafe 7.0.17.0 2011.11.02 -
    eTrust-Vet 36.1.8656 2011.11.04 Win32/Patchload.U
    F-Prot 4.6.5.141 2011.11.04 W32/Patched.G
    F-Secure 9.0.16440.0 2011.11.04 Trojan.Generic.6710986
    Fortinet 4.3.370.0 2011.11.04 W32/Patched.MF!tr
    GData 22 2011.11.04 Trojan.Generic.6710986
    Ikarus T3.1.1.107.0 2011.11.04 Trojan-Spy.Win32.Zbot
    Jiangmin 13.0.900 2011.11.04 TrojanSpy.Zbot.adxr
    K7AntiVirus 9.117.5394 2011.11.04 Trojan
    Kaspersky 9.0.0.837 2011.11.04 Trojan.Win32.Patched.mf
    McAfee 5.400.0.1158 2011.11.04 W32/Katusha
    McAfee-GW-Edition 2010.1D 2011.11.04 W32/Katusha
    Microsoft 1.7801 2011.11.04 Virus:Win32/Patchload.O
    NOD32 6601 2011.11.04 Win32/Patched.HN
    Norman 6.07.13 2011.11.04 W32/Patched.BH
    nProtect 2011-11-04.01 2011.11.04 -
    Panda 10.0.3.5 2011.11.04 W32/Katusha.BN
    PCTools 8.0.0.5 2011.11.04 Trojan.Paccyn
    Prevx 3.0 2011.11.04 -
    Rising 23.82.02.02 2011.11.02 Win32.Loader.li
    Sophos 4.71.0 2011.11.04 W32/Patched-AL
    SUPERAntiSpyware 4.40.0.1006 2011.11.04 -
    Symantec 20111.2.0.82 2011.11.04 Trojan.Paccyn!inf
    TheHacker 6.7.0.1.338 2011.11.04 -
    TrendMicro 9.500.0.1008 2011.11.04 PTCH_KATUSHA.W
    TrendMicro-HouseCall 9.500.0.1008 2011.11.04 PTCH_KATUSHA.W
    VBA32 3.12.16.4 2011.11.04 Trojan-Spy.Zbot.gen
    VIPRE 10962 2011.11.04 Virus.Win32.Agent.mpq (v)
    ViRobot 2011.11.4.4755 2011.11.04 Win32.Patched.BE
    VirusBuster 14.1.45.0 2011.11.04 Win32.Katusha.Gen
    Additional information
    MD5 : 45bb9ebb18676cb884c2a3879fb60e7b
    SHA1 : ca3893dadc2a3210f0cba10de01b5513abb8df7f
    SHA256: fdd07a5f7dd9612a8607417eb812cc09806dd772607ee8f2e9338c02d9942e9e
    ssdeep: 12288:wb4J230ZLEy54iX95QOVvFFIwXrAyL/j3yRTh/gVLZW3DWjtis0QnpgN1TpqAgrT:wb4J230ZLEe4iNKOtbLSTh/mz0QnpYRa
    File size : 743264 bytes
    First seen: 2011-09-29 16:07:28
    Last seen : 2011-11-04 16:24:17
    TrID:
    Win64 Executable Generic (87.2%)
    Win32 Executable Generic (8.6%)
    Generic Win/DOS Executable (2.0%)
    DOS Executable Generic (2.0%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: AVG Technologies CZ, s.r.o.
    copyright....: Copyright (c) 2011 AVG Technologies CZ, s.r.o.
    product......: AVG Internet Security
    description..: AVG Resident Shield Service
    original name: avgrs.exe
    internal name: avgrs
    file version.: 12.0.0.1806
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0xB9D7C
    timedatestamp....: 0x4E6904FE (Thu Sep 08 18:10:06 2011)
    machinetype......: 0x14c (I386)

    [[ 5 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x8DBEA, 0x8DC00, 6.41, d3f2a755193f715a16a50c2f5f517d43
    .rdata, 0x8F000, 0x17524, 0x17600, 4.10, 80c7b0b887dcb795c1a0292776c7631d
    .data, 0xA7000, 0x4B24, 0x1600, 4.19, f7a10007264571ab6d00e90abdec24e5
    .rsrc, 0xAC000, 0x644, 0x800, 4.52, e6c0a5c06cb1c9089a617b05a1b0d735
    .reloc, 0xAD000, 0xD4FC, 0xD600, 4.52, 3d98303867ec587c878d7cf025272ad5

    [[ 1 import(s) ]]
    ntdll.dll: memcpy, memmove, memset, _aulldiv, ZwClose, _alldiv, RtlNtStatusToDosError, ZwSetInformationProcess, _chkstk, RtlFreeUnicodeString, ZwCreateKey, RtlOpenCurrentUser, ZwDuplicateToken, RtlCreateSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, RtlGetSaclSecurityDescriptor, RtlValidSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlSetSaclSecurityDescriptor, RtlCreateAcl, RtlAddAccessAllowedAceEx, ZwQueryInformationToken, RtlEqualSid, RtlGetAce, ZwOpenFile, ZwQueryValueKey, ZwSetValueKey, ZwOpenKey, ZwEnumerateKey, ZwQueryKey, ZwDeleteKey, LdrUnloadDll, LdrGetProcedureAddress, RtlInitAnsiString, LdrLoadDll, RtlInitUnicodeString, LdrGetDllHandle, ZwWaitForMultipleObjects, RtlAllocateHeap, RtlReAllocateHeap, RtlFreeHeap, ZwFlushBuffersFile, ZwFsControlFile, ZwWaitForSingleObject, ZwSetInformationThread, ZwReadFile, ZwWriteFile, ZwCreateNamedPipeFile, ZwSetInformationFile, RtlCreateUnicodeString, _allmul, ZwQueryInformationProcess, ZwOpenProcess, ZwQueryInformationFile, ZwCancelIoFile, ZwOpenThreadToken, ZwCreateEvent, RtlTimeToTimeFields, _aullrem, RtlTimeFieldsToTime, DbgPrint, _allrem, _stricmp, _strnicmp, _ftol, ZwTerminateProcess, ZwQueryInformationThread, ZwDelayExecution, ZwResumeThread, ZwTerminateThread, RtlRaiseException, ZwDuplicateObject, LdrShutdownThread, CsrClientCallServer, RtlCreateUserThread, RtlUpcaseUnicodeString, RtlxAnsiStringToUnicodeSize, RtlxOemStringToUnicodeSize, NlsMbOemCodePageTag, RtlAnsiStringToUnicodeString, RtlOemStringToUnicodeString, RtlxUnicodeStringToAnsiSize, RtlxUnicodeStringToOemSize, RtlUnicodeStringToAnsiString, RtlUnicodeStringToOemString, _aullshr, ZwSetEvent, ZwResetEvent, RtlSystemTimeToLocalTime, RtlInitializeCriticalSection, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlDeleteCriticalSection, ZwReleaseMutant, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, ZwDeviceIoControlFile, ZwCreateFile, RtlGetFullPathName_U, RtlQueryEnvironmentVariable_U, ZwReadVirtualMemory, ZwQuerySystemInformation, RtlCopySid, RtlAddAccessDeniedAceEx, RtlAdjustPrivilege, RtlImpersonateSelf, RtlDestroyProcessParameters, RtlCreateUserProcess, RtlCreateProcessParameters, RtlGetCurrentDirectory_U, ZwQueryVirtualMemory, RtlDosPathNameToNtPathName_U, ZwQueryObject, RtlDestroyEnvironment, RtlSetEnvironmentVariable, RtlCreateEnvironment, ZwUnmapViewOfSection, ZwMapViewOfSection, ZwCreateSection, ZwQueryDirectoryFile, RtlIsDosDeviceName_U, ZwDisplayString, RtlUnwind, RtlReleasePebLock, RtlClearBits, RtlFindClearBitsAndSet, RtlAcquirePebLock, RtlAreBitsSet, _allshl
    ExifTool:
    file metadata
    CharacterSet: Unicode
    CodeSize: 580608
    CompanyName: AVG Technologies CZ, s.r.o.
    EntryPoint: 0xb9d7c
    FileDescription: AVG Resident Shield Service
    FileFlagsMask: 0x0017
    FileOS: Win32
    FileSize: 726 kB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 12.0.0.1806
    FileVersionNumber: 12.0.0.1806
    ImageVersion: 0.0
    InitializedDataSize: 156160
    InternalName: avgrs
    LanguageCode: Neutral
    LegalCopyright: Copyright 2011 AVG Technologies CZ, s.r.o.
    LinkerVersion: 9.0
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 6.1
    ObjectFileType: Executable application
    OriginalFilename: avgrs.exe
    PEType: PE32
    PrivateBuild: Win32 Release_Unicode_NTDLL
    ProductName: AVG Internet Security
    ProductVersion: 12.0.0.1806
    ProductVersionNumber: 12.0.0.1806
    SpecialBuild: Avg2012VC9_2011_0908_172130(1806), SVNRev 365736a (release/HotFix2012-01)
    Subsystem: Native
    SubsystemVersion: 5.0
    TimeStamp: 2011:09:08 20:10:06+02:00
    UninitializedDataSize: 0





    SystemLook 30.07.11 by jpshortstuff
    Log created at 11:37 on 04/11/2011 by ktolsen
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "tdx.sys"
    C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys --a---- 74752 bytes [06:24 31/10/2011] [08:39 20/11/2010] B459575348C20E8121D6039DA063C704
    C:\Windows\SoftwareDistribution\Download\bd60fbfcf1ac006bf26f6afa5c1dff1a\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys --a---- 74752 bytes [16:31 04/11/2011] [08:39 20/11/2010] B459575348C20E8121D6039DA063C704
    C:\Windows\System32\drivers\tdx.sys --a---- 74240 bytes [23:12 13/07/2009] [23:12 13/07/2009] 07ABD12E1737EFA05465BC1DE7C0CEC2
    C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys --a---- 74240 bytes [23:12 13/07/2009] [23:12 13/07/2009] 07ABD12E1737EFA05465BC1DE7C0CEC2

    -= EOF =-
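    The SystemLook output above lists every copy of tdx.sys on the machine with its size, timestamps and MD5. As an added example (not part of this thread, of SystemLook or of any tool named here), the Python below parses that log format and groups the copies by hash so the live System32\drivers copy can be compared with the WinSxS and Windows Update copies; the sample input is the log posted above. Note the caveat the result illustrates: the live copy matching WinSxS is not proof it is clean (the ESET scan earlier flagged both), and the update copy differing is not proof of tampering either (it is a different build, 7601.17514 versus 7600.16385), so the comparison only narrows which copy to check against a known-good reference.

```python
"""Parse a SystemLook ':filefind' log and compare every copy of a named
system file across the live driver directory, the WinSxS component store
and the Windows Update download cache.

Added example: not code from the thread or from SystemLook. The sample
log is the SystemLook output posted above; everything else is illustrative.
"""
import re
from collections import defaultdict

# One SystemLook filefind result line looks like:
#   <path> <attributes> <size> bytes [<modified>] [<created>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>\S{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

# Where a copy lives on disk, recognised from a marker in its lower-cased path.
LOCATIONS = (
    ("live", "\\system32\\drivers\\"),
    ("winsxs", "\\winsxs\\"),
    ("update", "\\softwaredistribution\\download\\"),
)

# Sample input: the SystemLook log from the post above.
SAMPLE_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========

Searching for "tdx.sys"
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys --a---- 74752 bytes [06:24 31/10/2011] [08:39 20/11/2010] B459575348C20E8121D6039DA063C704
C:\Windows\SoftwareDistribution\Download\bd60fbfcf1ac006bf26f6afa5c1dff1a\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys --a---- 74752 bytes [16:31 04/11/2011] [08:39 20/11/2010] B459575348C20E8121D6039DA063C704
C:\Windows\System32\drivers\tdx.sys --a---- 74240 bytes [23:12 13/07/2009] [23:12 13/07/2009] 07ABD12E1737EFA05465BC1DE7C0CEC2
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys --a---- 74240 bytes [23:12 13/07/2009] [23:12 13/07/2009] 07ABD12E1737EFA05465BC1DE7C0CEC2

-= EOF =-
"""


def classify(path):
    """Label a path as the live driver, a component-store copy or an update copy."""
    low = path.lower()
    for name, marker in LOCATIONS:
        if marker in low:
            return name
    return "other"


def parse_filefind(log_text):
    """Return one dict per result line; headers, blanks and the EOF marker are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        entry["location"] = classify(entry["path"])
        entries.append(entry)
    return entries


def compare_copies(entries):
    """Group copies by MD5 and record, for each live copy, which backups share its hash.

    A live copy that matches WinSxS but not the update cache is exactly the
    pattern in the log above, and by itself it proves neither infection nor
    health; it tells you which copy still needs checking against a known-good hash.
    """
    by_md5 = defaultdict(list)
    for e in entries:
        by_md5[e["md5"]].append(e["location"])
    live = []
    for e in entries:
        if e["location"] != "live":
            continue
        peers = by_md5[e["md5"]]
        live.append({
            "path": e["path"],
            "md5": e["md5"],
            "size": e["size"],
            "matches_winsxs": "winsxs" in peers,
            "matches_update": "update" in peers,
        })
    return {"distinct_hashes": len(by_md5), "by_md5": dict(by_md5), "live": live}


if __name__ == "__main__":
    result = compare_copies(parse_filefind(SAMPLE_LOG))
    print(f"{result['distinct_hashes']} distinct hash(es) among the copies")
    for md5, locs in result["by_md5"].items():
        print(f"  {md5}: {', '.join(locs)}")
    for copy in result["live"]:
        print(f"live copy {copy['path']} ({copy['size']} bytes)")
        print(f"  same hash as WinSxS copy:  {copy['matches_winsxs']}")
        print(f"  same hash as update copy:  {copy['matches_update']}")
```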
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Run the following :-

    Step 1

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    FCopy::
    C:\Windows\SoftwareDistribution\Download\bd60fbfcf1ac006bf26f6afa5c1dff1a\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys | C:\Windows\System32\drivers\tdx.sys
    C:\Windows\SoftwareDistribution\Download\bd60fbfcf1ac006bf26f6afa5c1dff1a\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys | C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acer ePower Management"=-
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe


    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 2

    Go Here and hit the "Free download" tab, follow the prompts. Once installed it will want to update and carry out a quick scan, let it update but do not scan yet.

    Step 3

    Get the AVG removal tool from Here http://www.avg.com/us-en/utilities and remove AVG from your system.

    Step 4

    Run a quick scan with Microsoft Security Essentials.

    Let me see the log from ComboFix; also let me know what MSE found. There will be no log as such, but you can check under the History tab.

    Kevin
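What Step 1 above rests on is the SystemLook filefind block in the previous reply: the live C:\Windows\System32\drivers\tdx.sys carries the same MD5 as the 6.1.7600.16385 component in winsxs and a different one from the 6.1.7601.17514 copies sitting in the SoftwareDistribution download cache, so the FCopy lines put the newer cached file over both locations. The Python script below is an added example, not part of this thread and not SystemLook's or ComboFix's own code; it parses filefind lines in the format SystemLook emits (the four tdx.sys lines from the report above are embedded as constructed sample input) and reports whether the live driver's hash matches any reference copy. The origin labels ("live", "winsxs", "update-cache") and the function names are the example's own choice.

```python
import re

# Constructed sample: the four "tdx.sys" hits from the SystemLook filefind
# block earlier in this thread, in the exact line format SystemLook emits.
SAMPLE_REPORT = r"""
Searching for "tdx.sys"
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys --a---- 74752 bytes [06:24 31/10/2011] [08:39 20/11/2010] B459575348C20E8121D6039DA063C704
C:\Windows\SoftwareDistribution\Download\bd60fbfcf1ac006bf26f6afa5c1dff1a\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys --a---- 74752 bytes [16:31 04/11/2011] [08:39 20/11/2010] B459575348C20E8121D6039DA063C704
C:\Windows\System32\drivers\tdx.sys --a---- 74240 bytes [23:12 13/07/2009] [23:12 13/07/2009] 07ABD12E1737EFA05465BC1DE7C0CEC2
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys --a---- 74240 bytes [23:12 13/07/2009] [23:12 13/07/2009] 07ABD12E1737EFA05465BC1DE7C0CEC2
-= EOF =-
"""

# One filefind hit: <path> <attrs> <size> bytes [<mtime>] [<ctime>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
# File version embedded in a winsxs / update-cache component directory name.
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_")


def parse_filefind(report):
    """Parse SystemLook filefind hit lines into dicts; headers and EOF are skipped."""
    hits = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        low = path.lower()
        # Origin labels are this example's own classification (assumption).
        if "\\winsxs\\" in low:
            origin = "winsxs"
        elif "\\softwaredistribution\\" in low:
            origin = "update-cache"
        elif "\\system32\\drivers\\" in low:
            origin = "live"
        else:
            origin = "other"
        vm = VERSION_RE.search(path)
        hits.append({
            "path": path,
            "origin": origin,
            "size": int(m.group("size")),
            "md5": m.group("md5").upper(),
            "version": vm.group(1) if vm else None,
        })
    return hits


def check_live_copy(hits):
    """Compare the live driver against every component-store / update-cache copy.

    Returns the live copy's hash and size, the reference versions whose MD5
    matches it, and those whose MD5 differs. A live file that matches no
    reference copy at all is the case that warrants a closer look."""
    live = [h for h in hits if h["origin"] == "live"]
    refs = [h for h in hits if h["origin"] in ("winsxs", "update-cache")]
    if len(live) != 1:
        raise ValueError("expected exactly one live copy, got %d" % len(live))
    live = live[0]
    matching = sorted({h["version"] for h in refs if h["md5"] == live["md5"]})
    differing = sorted({h["version"] for h in refs if h["md5"] != live["md5"]})
    return {
        "live_md5": live["md5"],
        "live_size": live["size"],
        "matching_versions": matching,
        "differing_versions": differing,
        "matches_reference": bool(matching),
    }


if __name__ == "__main__":
    result = check_live_copy(parse_filefind(SAMPLE_REPORT))
    for key, value in result.items():
        print(f"{key}: {value}")
```

For the sample above the live driver matches the 6.1.7600.16385 winsxs component and differs only from the 6.1.7601.17514 cached update, so the file is consistent with the component store and the FCopy lines are applying a newer version rather than repairing a tampered one; a live driver whose hash matched none of the reference copies is the result that would point at a modified binary.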
     
  10. a23kiki23

    a23kiki23 Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    9
    ComboFix 11-11-13.02 - ktolsen 11/13/2011 11:50:54.3.2 - x86
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.493 [GMT -6:00]
    Running from: c:\users\ktolsen\Desktop\Gotcha.exe
    Command switches used :: c:\users\ktolsen\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-13 18:03 . 2011-11-13 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-10 08:35 . 2011-11-10 08:35 -------- d-----w- c:\program files\Oceanis
    2011-10-31 07:10 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-10-31 05:02 . 2011-10-31 05:02 -------- d-----w- c:\windows\system32\SPReview
    2011-10-31 05:01 . 2011-10-31 05:01 -------- d-----w- c:\windows\system32\EventProviders
    2011-10-31 04:49 . 2011-10-31 07:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-10-31 04:49 . 2011-10-31 04:49 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-31 04:49 . 2011-10-31 07:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-30 16:40 . 2011-03-29 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-10-30 16:40 . 2011-03-29 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-10-30 16:40 . 2011-03-29 03:07 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-10-30 16:40 . 2011-03-29 03:06 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-10-30 16:40 . 2011-03-29 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-10-30 16:40 . 2011-03-29 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-10-30 16:40 . 2011-03-29 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-10-30 16:40 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-10-30 16:39 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-10-30 16:39 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-10-30 16:39 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
    2011-10-30 16:39 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-10-30 16:39 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-10-30 16:39 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-10-30 16:39 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-10-30 16:39 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-10-27 15:31 . 2011-10-27 15:36 -------- d-----w- C:\cb5d62e224cdaf4a97bfc586
    2011-10-27 15:27 . 2009-11-25 17:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-10-27 15:27 . 2009-11-25 17:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2011-10-27 15:27 . 2009-11-25 17:47 297808 ----a-w- c:\windows\system32\mscoree.dll
    2011-10-27 15:27 . 2009-11-25 17:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-10-27 15:27 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-10-27 14:55 . 2011-10-27 14:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-10-27 14:43 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-10-27 14:43 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-10-27 14:42 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-10-27 03:55 . 2011-10-27 03:55 -------- d-----w- c:\programdata\Hewlett-Packard
    2011-10-27 03:55 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
    2011-10-27 03:22 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-10-27 03:22 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-10-27 03:22 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-10-26 18:18 . 2011-10-26 18:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-10-26 18:03 . 2011-10-26 18:03 -------- d-----w- C:\$AVG
    2011-10-26 14:14 . 2011-10-26 14:15 -------- d-----w- c:\program files\WhatPulse
    2011-10-26 11:40 . 2011-10-26 11:40 -------- d-----w- C:\DEVICE
    2011-10-26 09:41 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
    2011-10-26 09:41 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2011-10-26 09:40 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2011-10-26 09:40 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
    2011-10-26 09:40 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
    2011-10-26 09:40 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
    2011-10-26 09:40 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
    2011-10-26 09:40 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
    2011-10-26 09:40 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
    2011-10-26 09:40 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2011-10-26 09:40 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
    2011-10-26 09:39 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2011-10-26 09:38 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-10-26 09:38 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-10-26 09:38 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-10-26 09:38 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2011-10-26 09:37 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-10-26 09:36 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2011-10-26 09:36 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
    2011-10-26 09:36 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-10-26 09:36 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-10-26 09:36 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-26 09:36 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-26 09:35 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-10-26 09:35 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-10-26 09:34 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
    2011-10-26 09:34 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
    2011-10-26 09:34 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2011-10-26 09:33 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-26 09:33 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-26 09:33 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
    2011-10-26 09:33 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-26 09:33 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-26 09:33 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
    2011-10-26 09:33 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-10-26 09:32 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2011-10-26 09:32 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
    2011-10-26 09:32 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-10-26 09:32 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2011-10-26 09:32 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
    2011-10-26 09:32 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
    2011-10-26 09:32 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2011-10-26 09:32 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
    2011-10-26 09:32 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
    2011-10-26 09:32 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
    2011-10-26 09:31 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
    2011-10-26 09:31 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-10-26 09:31 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-10-26 09:31 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-10-26 09:31 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-26 09:31 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-26 09:30 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
    2011-10-26 09:30 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-10-26 09:30 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-10-26 09:30 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-10-26 09:30 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-10-26 09:30 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-10-26 09:27 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-10-26 09:27 . 2011-06-21 05:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-10-26 09:27 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-26 09:27 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2011-10-26 09:27 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
    2011-10-26 09:26 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
    2011-10-26 09:26 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2011-10-26 09:26 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys
    2011-10-26 09:24 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
    2011-10-26 09:24 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
    2011-10-26 09:24 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-10-26 09:24 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-10-26 09:24 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-10-26 09:24 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-10-26 09:24 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-10-26 09:24 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-10-26 09:24 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-10-26 09:24 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-10-26 09:24 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
    2011-10-26 09:24 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-10-26 09:22 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
    2011-10-26 09:22 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
    2011-10-26 09:18 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2011-10-26 09:18 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2011-10-26 09:18 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-25 23:26 . 2010-01-09 01:42 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
    2011-10-07 12:23 . 2011-10-07 12:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 12:21 . 2011-10-04 12:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-10 13:41 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-09 39408]
    "WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2010-08-09 2922496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-09 8120864]
    "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
    "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
    "Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-23 1594664]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
    "emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-10-17 3561872]
    .
    c:\users\ktolsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-9-19 993280]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
    R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-10-31 3074040]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
    R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
    R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-08-12 51632]
    R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-11-23 103296]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
    R3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-11-01 192776]
    S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-11-01 107016]
    S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2011-11-01 1150496]
    S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2011-11-01 253952]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-11-01 240160]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
    .
    2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
    .
    2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000Core.job
    - c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
    .
    2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000UA.job
    - c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
    IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2784)
    c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\AVG\AVG2012\avgemcx.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\sppsvc.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-11-13 12:12:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-13 18:12
    ComboFix2.txt 2011-11-01 21:43
    ComboFix3.txt 2011-11-01 01:59
    .
    Pre-Run: 207,659,401,216 bytes free
    Post-Run: 207,659,204,608 bytes free
    .
    - - End Of File - - AF56B791E0449C42498D46A07AFB8064




    MSE Quick Scan said it found one trojan, but I don't see it when I go to the history tab.
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Did you run the AVG removal tool? It is still showing as installed....
     
  12. a23kiki23

    a23kiki23 Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    9
    Hmm, I did do the uninstall on it. Also, I've got something called Emsisoft on my computer somewhere, though I tried uninstalling that a while ago as well.
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Step 3 in reply #9 has a link for AVG removal tool, get it and run it. Delete Combofix (Gotcha) from your Desktop. Download a fresh copy of Combofix from either of the following links:

    Do not re-name this time...

    Link 1
    Link 2

    Re-run as you did before
     
  14. a23kiki23

    a23kiki23 Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    9
    ComboFix 11-11-13.02 - ktolsen 11/13/2011 11:50:54.3.2 - x86
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.493 [GMT -6:00]
    Running from: c:\users\ktolsen\Desktop\Gotcha.exe
    Command switches used :: c:\users\ktolsen\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-13 18:03 . 2011-11-13 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-10 08:35 . 2011-11-10 08:35 -------- d-----w- c:\program files\Oceanis
    2011-10-31 07:10 . 2011-05-25 00:14 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-10-31 05:02 . 2011-10-31 05:02 -------- d-----w- c:\windows\system32\SPReview
    2011-10-31 05:01 . 2011-10-31 05:01 -------- d-----w- c:\windows\system32\EventProviders
    2011-10-31 04:49 . 2011-10-31 07:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-10-31 04:49 . 2011-10-31 04:49 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-31 04:49 . 2011-10-31 07:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-30 16:40 . 2011-03-29 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-10-30 16:40 . 2011-03-29 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-10-30 16:40 . 2011-03-29 03:07 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-10-30 16:40 . 2011-03-29 03:06 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-10-30 16:40 . 2011-03-29 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-10-30 16:40 . 2011-03-29 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-10-30 16:40 . 2011-03-29 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-10-30 16:40 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-10-30 16:39 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-10-30 16:39 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-10-30 16:39 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
    2011-10-30 16:39 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-10-30 16:39 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-10-30 16:39 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-10-30 16:39 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-10-30 16:39 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
    2011-10-27 15:31 . 2011-10-27 15:36 -------- d-----w- C:\cb5d62e224cdaf4a97bfc586
    2011-10-27 15:27 . 2009-11-25 17:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-10-27 15:27 . 2009-11-25 17:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2011-10-27 15:27 . 2009-11-25 17:47 297808 ----a-w- c:\windows\system32\mscoree.dll
    2011-10-27 15:27 . 2009-11-25 17:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-10-27 15:27 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-10-27 14:55 . 2011-10-27 14:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-10-27 14:43 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-10-27 14:43 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-10-27 14:42 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
    2011-10-27 03:55 . 2011-10-27 03:55 -------- d-----w- c:\programdata\Hewlett-Packard
    2011-10-27 03:55 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
    2011-10-27 03:22 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-10-27 03:22 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
    2011-10-27 03:22 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2011-10-26 18:18 . 2011-10-26 18:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-10-26 18:03 . 2011-10-26 18:03 -------- d-----w- C:\$AVG
    2011-10-26 14:14 . 2011-10-26 14:15 -------- d-----w- c:\program files\WhatPulse
    2011-10-26 11:40 . 2011-10-26 11:40 -------- d-----w- C:\DEVICE
    2011-10-26 09:41 . 2010-12-21 05:38 204288 ----a-w- c:\windows\system32\upnp.dll
    2011-10-26 09:41 . 2010-12-21 05:36 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2011-10-26 09:40 . 2010-12-21 05:36 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2011-10-26 09:40 . 2010-12-21 05:38 350720 ----a-w- c:\windows\system32\winhttp.dll
    2011-10-26 09:40 . 2010-12-21 05:38 204800 ----a-w- c:\windows\system32\WebClnt.dll
    2011-10-26 09:40 . 2010-12-21 05:34 80384 ----a-w- c:\windows\system32\davclnt.dll
    2011-10-26 09:40 . 2010-12-21 05:38 73728 ----a-w- c:\windows\system32\wscsvc.dll
    2011-10-26 09:40 . 2010-12-21 05:38 51200 ----a-w- c:\windows\system32\wscapi.dll
    2011-10-26 09:40 . 2010-12-21 05:38 14336 ----a-w- c:\windows\system32\slwga.dll
    2011-10-26 09:40 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2011-10-26 09:40 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
    2011-10-26 09:39 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2011-10-26 09:38 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-10-26 09:38 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-10-26 09:38 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-10-26 09:38 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2011-10-26 09:37 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-10-26 09:36 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2011-10-26 09:36 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
    2011-10-26 09:36 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-10-26 09:36 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-10-26 09:36 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-26 09:36 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-26 09:35 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-10-26 09:35 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-10-26 09:34 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
    2011-10-26 09:34 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
    2011-10-26 09:34 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2011-10-26 09:33 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-26 09:33 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-26 09:33 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
    2011-10-26 09:33 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-26 09:33 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-26 09:33 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
    2011-10-26 09:33 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-10-26 09:32 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2011-10-26 09:32 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
    2011-10-26 09:32 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-10-26 09:32 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2011-10-26 09:32 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
    2011-10-26 09:32 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
    2011-10-26 09:32 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2011-10-26 09:32 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
    2011-10-26 09:32 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
    2011-10-26 09:32 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
    2011-10-26 09:31 . 2010-12-18 05:29 541184 ----a-w- c:\windows\system32\kerberos.dll
    2011-10-26 09:31 . 2011-07-09 02:26 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-10-26 09:31 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-10-26 09:31 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-10-26 09:31 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-26 09:31 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-26 09:30 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
    2011-10-26 09:30 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-10-26 09:30 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-10-26 09:30 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-10-26 09:30 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-10-26 09:30 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-10-26 09:27 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-10-26 09:27 . 2011-06-21 05:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-10-26 09:27 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-26 09:27 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2011-10-26 09:27 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
    2011-10-26 09:26 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
    2011-10-26 09:26 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2011-10-26 09:26 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys
    2011-10-26 09:24 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
    2011-10-26 09:24 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
    2011-10-26 09:24 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
    2011-10-26 09:24 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
    2011-10-26 09:24 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
    2011-10-26 09:24 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
    2011-10-26 09:24 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2011-10-26 09:24 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
    2011-10-26 09:24 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2011-10-26 09:24 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-10-26 09:24 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
    2011-10-26 09:24 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-10-26 09:22 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
    2011-10-26 09:22 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
    2011-10-26 09:18 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2011-10-26 09:18 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2011-10-26 09:18 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-25 23:26 . 2010-01-09 01:42 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
    2011-10-07 12:23 . 2011-10-07 12:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 12:21 . 2011-10-04 12:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-09-10 13:41 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-09 39408]
    "WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2010-08-09 2922496]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-09 8120864]
    "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
    "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
    "Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-23 1594664]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
    "emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-10-17 3561872]
    .
    c:\users\ktolsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-9-19 993280]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
    R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-10-31 3074040]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [x]
    R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
    R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-08-12 51632]
    R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-11-23 103296]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 135664]
    R3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-11-01 192776]
    S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-11-01 107016]
    S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2011-11-01 1150496]
    S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2011-11-01 253952]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-11-01 240160]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
    .
    2011-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-01 01:49]
    .
    2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000Core.job
    - c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
    .
    2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1165962799-223075182-2640885764-1000UA.job
    - c:\users\ktolsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 22:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao532h&r=27b51011w505l0474ww45w64l2r782
    IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2784)
    c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\AVG\AVG2012\avgemcx.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\sppsvc.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-11-13 12:12:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-13 18:12
    ComboFix2.txt 2011-11-01 21:43
    ComboFix3.txt 2011-11-01 01:59
    .
    Pre-Run: 207,659,401,216 bytes free
    Post-Run: 207,659,204,608 bytes free
    .
    - - End Of File - - AF56B791E0449C42498D46A07AFB8064




    MSE Quick Scan found one trojan, though it appears as if it removed it for me.
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    That is not a log from a new run of CF; that is the same log that you posted in reply #10.
     

Short URL to this thread: https://techguy.org/1024883
