
My computer is infected but I can't seem to find the problem!

Discussion in 'Virus & Other Malware Removal' started by sapphire69, Nov 21, 2011.

  1. sapphire69

    sapphire69 Thread Starter

    Joined:
    Nov 14, 2011
    Messages:
    24
    Hello,

    A couple of weeks ago, I was on Google and suddenly all of these error messages cascaded across the screen. When I clicked out of all of them, all of my files were hidden. I was finally able to get most of them back, but then any time I tried to navigate to a web site, it would be redirected, and I would also get these random talk radio shows playing with no web page open. I looked in the Task Manager and there were several of my applications that had *32 behind them, and I don't recall them being there before. Also, when I opened a new web site, it had several Mevio web sites that had previously been opened. Just to add another wrinkle to things, I use an external drive on my computer all of the time, and some of the files on there were hidden, so I don't know if I'm reintroducing the virus every time I try to run a scan on the external drive. If anyone can help me, it would be greatly appreciated. Here are the HijackThis log and the DDS log.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:56:50 PM, on 11/21/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    Running processes:
    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Digital Line Detect\DLG.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Freecorder\FLVSrvc.exe
    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\kmitchell\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Freecorder Toolbar - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
    O2 - BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    O3 - Toolbar: Freecorder Toolbar - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Google Update] "C:\Users\kmitchell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/WBXclient-T27L10NSP30-13034/webex/ieatgpc1.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eaglenet.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eaglenet.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eaglenet.local
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
    O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 13688 bytes


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by kmitchell at 18:57:05 on 2011-11-21
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3992.1509 [GMT -5:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\TpShocks.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Digital Line Detect\DLG.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Freecorder\FLVSrvc.exe
    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\splwow64.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\kmitchell\AppData\Local\Apps\2.0\5CVON9B4.E9Y\MM1AYZDA.G5A\opsp..tion_adb547f5da16c400_0004.0003_3d0bd2c2e1e294fa\OpsProjectorUI.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.google.com/
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
    BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    uRun: [Google Update] "C:\Users\kmitchell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP30-13034/webex/ieatgpc1.cab
    TCP: DhcpNameServer = 192.168.254.254
    TCP: Interfaces\{0DCD5FB0-8FE9-49FC-A86A-B46918D9299D} : DhcpNameServer = 192.168.100.4 192.168.100.6
    TCP: Interfaces\{76975E50-310E-40C8-8442-3FF0F633B396} : DhcpNameServer = 192.168.254.254
    TCP: Interfaces\{76975E50-310E-40C8-8442-3FF0F633B396}\261627E61636C656 : DhcpNameServer = 66.174.95.44 66.174.92.14
    BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
    BHO-X64: Freecorder Toolbar - No File
    BHO-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    TB-X64: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
    mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\kmitchell\AppData\Roaming\Mozilla\Firefox\Profiles\950sra5n.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Users\kmitchell\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
    R0 iaNvStor;Intel(R) Turbo Memory Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys --> C:\Windows\system32\DRIVERS\iaNvStor.sys [?]
    R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
    R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-8-12 41320]
    R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-8-12 65896]
    R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-8-12 93032]
    R2 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-8-12 148840]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-8-18 1846592]
    R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-8-12 144232]
    R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-8-12 64952]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-3-31 579264]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 138360]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-8-12 45496]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-17 1153368]
    S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys --> C:\Windows\system32\Drivers\COH_Mon.sys [?]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-8-12 477032]
    S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\6963.tmp --> C:\Windows\system32\6963.tmp [?]
    S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-8-12 83304]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-17 13:55:00 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-11-17 13:55:00 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-11-11 15:33:33 388096 ----a-r- C:\Users\kmitchell\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-11 15:33:33 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2011-11-11 15:21:00 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2011-11-11 14:46:16 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
    2011-11-11 14:19:43 6144 ------w- C:\Windows\System32\6963.tmp
    2011-11-11 14:18:06 6144 ------w- C:\Windows\System32\ED02.tmp
    2011-11-11 14:17:57 -------- d-----w- C:\Program Files (x86)\Sophos
    2011-11-11 13:43:48 -------- d-----w- C:\Users\kmitchell\AppData\Roaming\Malwarebytes
    2011-11-10 14:31:07 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-10 14:31:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-10 14:16:49 -------- d-----w- C:\Windows\System32\appmgmt
    2011-11-09 12:40:06 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 12:40:06 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 12:40:05 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-09 12:40:03 3144704 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-02 22:08:10 -------- d-----w- C:\Users\kmitchell\AppData\Local\Apple
    2011-11-02 17:59:48 -------- d-----w- C:\Users\kmitchell\AppData\Roaming\webex
    2011-11-02 17:59:29 -------- d-----w- C:\ProgramData\WebEx
    2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ==================== Find3M ====================
    .
    2011-11-21 20:27:12 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-09-20 18:35:46 11137024 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll
    2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    .
    ============= FINISH: 19:05:57.12 ===============
     
  2. sapphire69

    sapphire69 Thread Starter

    Joined:
    Nov 14, 2011
    Messages:
    24
    Any help at all would be much appreciated!
     
  3. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi and welcome to TSG.

    I am reviewing your logs and will respond with a reply as soon as I can.

    Please note that all my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

    Thank you for your patience.
     
  4. sapphire69

    sapphire69 Thread Starter

    Joined:
    Nov 14, 2011
    Messages:
    24
    Hello Larusso,

    Thank you so much for your assistance! I will wait for your instructions.

    Have a nice holiday!
     
  5. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi,
    my name is Daniel and I will be assisting you with your malware-related problems.

    Before we move on, please read the following points carefully.
    • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
    • Perform everything in the correct order. Sometimes one step requires the previous one.
    • If you have any problems while you are following my instructions, Stop there and tell me the exact nature of your problem.
    • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
    • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
    • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread and move on to assist someone else.
    • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
    • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



    Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

    Download TDSSKiller.exe and save it to your desktop
    • Execute TDSSKiller.exe by double-clicking on it.
    • Press Start Scan
    • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
    • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

    Please post the contents of that log in your next reply.



    Please post in your next reply
    TDSSKiller Log
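The log that the steps above produce is long (hundreds of driver lines), and a helper spends most of the effort on reading it rather than running the tool. The script below is an added example for this thread, not part of TDSSKiller or of any post here. It parses lines in the format visible in the log posted later in the thread (an entry line "time pid name (md5) path" followed by a verdict line "time pid name - verdict"), and builds a review list: any driver whose verdict is not "ok", whose file is not a .sys, or which loads from outside the standard Windows driver directories. The sample log is constructed; the first three entries reuse names, hashes and paths from the thread, while "exampledrv", its hash and the verdict word "detected" are placeholders, since TDSSKiller's exact wording for a hit is not on this page.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not TDSSKiller code)."""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Entry line:   07:46:05.0752 3104 1394ohci (a87d604a...) C:\Windows\system32\DRIVERS\1394ohci.sys
# Verdict line: 07:46:05.0768 3104 1394ohci - ok
ENTRY_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
VERDICT_RE = re.compile(r"^(?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$")

# Directories a Windows 7 kernel driver is normally loaded from.
EXPECTED_DIRS = (
    PureWindowsPath(r"C:\Windows\system32\drivers"),
    PureWindowsPath(r"C:\Windows\system32"),
)

# Constructed sample. The first three drivers are copied from the thread's log;
# "exampledrv", its hash and the verdict "detected" are placeholders.
SAMPLE_LOG = r"""
07:46:05.0752 3104 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
07:46:05.0768 3104 1394ohci - ok
07:46:09.0418 3104 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
07:46:09.0465 3104 eeCtrl - ok
07:46:13.0193 3104 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\6963.tmp
07:46:13.0209 3104 MEMSWEEP2 - ok
07:46:20.0100 3104 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
07:46:20.0110 3104 exampledrv - detected
"""


def parse_tdss_log(text: str) -> list[dict]:
    """Return one record per driver: name, md5, path and the verdict that followed it."""
    by_name: dict[str, dict] = {}
    records: list[dict] = []
    for raw in text.splitlines():
        line = raw.strip()  # forum posts indent the log; ignore that
        m = ENTRY_RE.match(line)
        if m:
            rec = {"name": m["name"], "md5": m["md5"].lower(), "path": m["path"], "verdict": None}
            by_name[m["name"]] = rec
            records.append(rec)
            continue
        m = VERDICT_RE.match(line)
        if m and m["name"] in by_name:
            by_name[m["name"]]["verdict"] = m["verdict"]
    return records


def _under(path: PureWindowsPath, base: PureWindowsPath) -> bool:
    """Case-insensitive 'path is inside base' check on Windows paths."""
    p = [part.lower() for part in path.parts]
    b = [part.lower() for part in base.parts]
    return p[: len(b)] == b


def triage(entries: list[dict], expected_dirs=EXPECTED_DIRS) -> list[dict]:
    """Drivers that deserve a human look, each with the reasons it was selected.

    A reason is a prompt for review, not a verdict: vendor drivers under
    Program Files, or a scanner's own temp-named driver, land here too.
    """
    findings = []
    for e in entries:
        reasons = []
        if e["verdict"] is None:
            reasons.append("no verdict line")
        elif e["verdict"].lower() != "ok":
            reasons.append(f"verdict: {e['verdict']}")
        path = PureWindowsPath(e["path"])
        if path.suffix.lower() != ".sys":
            reasons.append(f"unusual extension: {path.suffix or '(none)'}")
        if not any(_under(path, d) for d in expected_dirs):
            reasons.append("outside standard driver directories")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


def summarize(text: str) -> dict:
    """Counts a helper would quote back: drivers seen, marked ok, and flagged for review."""
    entries = parse_tdss_log(text)
    flagged = triage(entries)
    return {
        "total": len(entries),
        "ok": sum(1 for e in entries if (e["verdict"] or "").lower() == "ok"),
        "flagged": len(flagged),
    }


if __name__ == "__main__":
    for f in triage(parse_tdss_log(SAMPLE_LOG)):
        print(f"{f['name']:<12} {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
    print(summarize(SAMPLE_LOG))
```

Two of the flagged sample entries illustrate why the output is a review list rather than a detection list: eeCtrl is a Symantec component living under Program Files, and MEMSWEEP2 at C:\Windows\system32\6963.tmp appears in the DDS log's "Created Last 30" section about two minutes after the Sophos folder was created, which points to a scanner's own driver rather than to the infection. The script surfaces those entries for a person to judge; it does not decide.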
     
  6. sapphire69

    sapphire69 Thread Starter

    Joined:
    Nov 14, 2011
    Messages:
    24
    Good morning, Daniel! Thank you again for your assistance! I ran the TDSS program and no threats were found. Here are the contents of the log.


    07:45:42.0243 5496 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
    07:45:42.0633 5496 ============================================================
    07:45:42.0633 5496 Current date / time: 2011/11/24 07:45:42.0633
    07:45:42.0633 5496 SystemInfo:
    07:45:42.0633 5496
    07:45:42.0633 5496 OS Version: 6.1.7601 ServicePack: 1.0
    07:45:42.0633 5496 Product type: Workstation
    07:45:42.0633 5496 ComputerName: KMITCHELL-WIN7
    07:45:42.0633 5496 UserName: kmitchell
    07:45:42.0633 5496 Windows directory: C:\Windows
    07:45:42.0633 5496 System windows directory: C:\Windows
    07:45:42.0633 5496 Running under WOW64
    07:45:42.0633 5496 Processor architecture: Intel x64
    07:45:42.0633 5496 Number of processors: 2
    07:45:42.0633 5496 Page size: 0x1000
    07:45:42.0633 5496 Boot type: Normal boot
    07:45:42.0633 5496 ============================================================
    07:45:43.0787 5496 Initialize success
    07:46:01.0930 3104 ============================================================
    07:46:01.0930 3104 Scan started
    07:46:01.0930 3104 Mode: Manual;
    07:46:01.0930 3104 ============================================================
    07:46:05.0752 3104 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
    07:46:05.0768 3104 1394ohci - ok
    07:46:05.0815 3104 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    07:46:05.0830 3104 ACPI - ok
    07:46:05.0846 3104 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    07:46:05.0846 3104 AcpiPmi - ok
    07:46:05.0908 3104 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
    07:46:05.0939 3104 adp94xx - ok
    07:46:05.0955 3104 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
    07:46:05.0986 3104 adpahci - ok
    07:46:06.0017 3104 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
    07:46:06.0049 3104 adpu320 - ok
    07:46:06.0142 3104 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    07:46:06.0158 3104 AFD - ok
    07:46:06.0189 3104 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    07:46:06.0205 3104 agp440 - ok
    07:46:06.0236 3104 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    07:46:06.0251 3104 aliide - ok
    07:46:06.0345 3104 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    07:46:06.0345 3104 amdide - ok
    07:46:06.0361 3104 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
    07:46:06.0423 3104 AmdK8 - ok
    07:46:06.0439 3104 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
    07:46:06.0439 3104 AmdPPM - ok
    07:46:06.0501 3104 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    07:46:06.0532 3104 amdsata - ok
    07:46:06.0548 3104 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
    07:46:06.0548 3104 amdsbs - ok
    07:46:06.0579 3104 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    07:46:06.0595 3104 amdxata - ok
    07:46:06.0641 3104 ApfiltrService (f41e7c078d07118ef7cbea0a74fa1deb) C:\Windows\system32\DRIVERS\Apfiltr.sys
    07:46:06.0641 3104 ApfiltrService - ok
    07:46:06.0688 3104 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    07:46:06.0688 3104 AppID - ok
    07:46:06.0797 3104 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
    07:46:06.0797 3104 arc - ok
    07:46:06.0829 3104 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
    07:46:06.0829 3104 arcsas - ok
    07:46:06.0860 3104 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    07:46:06.0907 3104 AsyncMac - ok
    07:46:06.0938 3104 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    07:46:06.0953 3104 atapi - ok
    07:46:07.0031 3104 athr (8c56e93749ba53a4b645963d3439e01e) C:\Windows\system32\DRIVERS\athrx.sys
    07:46:07.0109 3104 athr - ok
    07:46:07.0250 3104 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
    07:46:07.0297 3104 b06bdrv - ok
    07:46:07.0328 3104 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    07:46:07.0328 3104 b57nd60a - ok
    07:46:07.0359 3104 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    07:46:07.0375 3104 Beep - ok
    07:46:07.0421 3104 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    07:46:07.0421 3104 blbdrive - ok
    07:46:07.0453 3104 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    07:46:07.0468 3104 bowser - ok
    07:46:07.0499 3104 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
    07:46:07.0499 3104 BrFiltLo - ok
    07:46:07.0515 3104 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
    07:46:07.0515 3104 BrFiltUp - ok
    07:46:07.0546 3104 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    07:46:07.0562 3104 Brserid - ok
    07:46:07.0640 3104 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    07:46:07.0640 3104 BrSerWdm - ok
    07:46:07.0655 3104 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    07:46:07.0687 3104 BrUsbMdm - ok
    07:46:07.0702 3104 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    07:46:07.0702 3104 BrUsbSer - ok
    07:46:07.0733 3104 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
    07:46:07.0733 3104 BTHMODEM - ok
    07:46:07.0780 3104 CAXHWAZL (9c4e50bea239e2d45099ec919f779db0) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
    07:46:07.0780 3104 CAXHWAZL - ok
    07:46:07.0827 3104 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    07:46:07.0843 3104 cdfs - ok
    07:46:07.0889 3104 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    07:46:07.0889 3104 cdrom - ok
    07:46:07.0921 3104 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
    07:46:07.0936 3104 circlass - ok
    07:46:07.0983 3104 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    07:46:08.0014 3104 CLFS - ok
    07:46:08.0139 3104 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    07:46:08.0155 3104 CmBatt - ok
    07:46:08.0170 3104 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    07:46:08.0201 3104 cmdide - ok
    07:46:08.0248 3104 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    07:46:08.0264 3104 CNG - ok
    07:46:08.0295 3104 CnxtHdAudService (d3c4f72e8f8dc523b02a0c313ceeea99) C:\Windows\system32\drivers\CHDRT64.sys
    07:46:08.0311 3104 CnxtHdAudService - ok
    07:46:08.0357 3104 COH_Mon (2e1dfcd558b716323152b009b037cc42) C:\Windows\system32\Drivers\COH_Mon.sys
    07:46:08.0373 3104 COH_Mon - ok
    07:46:08.0420 3104 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    07:46:08.0435 3104 Compbatt - ok
    07:46:08.0467 3104 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
    07:46:08.0482 3104 CompositeBus - ok
    07:46:08.0545 3104 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
    07:46:08.0576 3104 crcdisk - ok
    07:46:08.0638 3104 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
    07:46:08.0654 3104 CSC - ok
    07:46:08.0685 3104 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    07:46:08.0685 3104 DfsC - ok
    07:46:08.0701 3104 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    07:46:08.0701 3104 discache - ok
    07:46:08.0763 3104 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
    07:46:08.0779 3104 Disk - ok
    07:46:08.0810 3104 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
    07:46:08.0810 3104 dmvsc - ok
    07:46:08.0935 3104 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    07:46:08.0935 3104 drmkaud - ok
    07:46:09.0013 3104 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    07:46:09.0028 3104 DXGKrnl - ok
    07:46:09.0137 3104 DzHDD64 (ce4cffd9f64b86bceb1c343fc9924d72) C:\Windows\system32\DRIVERS\DzHDD64.sys
    07:46:09.0137 3104 DzHDD64 - ok
    07:46:09.0262 3104 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
    07:46:09.0309 3104 ebdrv - ok
    07:46:09.0418 3104 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    07:46:09.0465 3104 eeCtrl - ok
    07:46:09.0590 3104 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    07:46:09.0590 3104 elxstor - ok
    07:46:09.0637 3104 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    07:46:09.0637 3104 EraserUtilRebootDrv - ok
    07:46:09.0652 3104 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    07:46:09.0652 3104 ErrDev - ok
    07:46:09.0699 3104 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    07:46:09.0699 3104 exfat - ok
    07:46:09.0730 3104 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    07:46:09.0730 3104 fastfat - ok
    07:46:09.0793 3104 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    07:46:09.0824 3104 fdc - ok
    07:46:09.0917 3104 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    07:46:09.0964 3104 FileInfo - ok
    07:46:09.0980 3104 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    07:46:09.0980 3104 Filetrace - ok
    07:46:10.0011 3104 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    07:46:10.0011 3104 flpydisk - ok
    07:46:10.0042 3104 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    07:46:10.0042 3104 FltMgr - ok
    07:46:10.0073 3104 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    07:46:10.0073 3104 FsDepends - ok
    07:46:10.0089 3104 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    07:46:10.0089 3104 Fs_Rec - ok
    07:46:10.0105 3104 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    07:46:10.0120 3104 fvevol - ok
    07:46:10.0136 3104 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
    07:46:10.0136 3104 gagp30kx - ok
    07:46:10.0167 3104 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    07:46:10.0167 3104 hcw85cir - ok
    07:46:10.0214 3104 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    07:46:10.0229 3104 HdAudAddService - ok
    07:46:10.0276 3104 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    07:46:10.0276 3104 HDAudBus - ok
    07:46:10.0354 3104 HECIx64 (15c9789470b8855ac2f54fdf96802d13) C:\Windows\system32\DRIVERS\HECIx64.sys
    07:46:10.0401 3104 HECIx64 - ok
    07:46:10.0432 3104 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    07:46:10.0432 3104 HidBatt - ok
    07:46:10.0463 3104 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
    07:46:10.0463 3104 HidBth - ok
    07:46:10.0479 3104 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    07:46:10.0479 3104 HidIr - ok
    07:46:10.0526 3104 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    07:46:10.0526 3104 HidUsb - ok
    07:46:10.0557 3104 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    07:46:10.0573 3104 HpSAMD - ok
    07:46:10.0651 3104 HSF_DPV (5a518b63d408b2dbc1778788456e1a66) C:\Windows\system32\DRIVERS\CAX_DPV.sys
    07:46:10.0682 3104 HSF_DPV - ok
    07:46:10.0791 3104 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    07:46:10.0807 3104 HTTP - ok
    07:46:10.0838 3104 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    07:46:10.0853 3104 hwpolicy - ok
    07:46:10.0900 3104 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    07:46:10.0900 3104 i8042prt - ok
    07:46:10.0978 3104 iaNvStor (051e73f94f932b5975b6765e3b2f7dc6) C:\Windows\system32\DRIVERS\iaNvStor.sys
    07:46:10.0978 3104 iaNvStor - ok
    07:46:11.0087 3104 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
    07:46:11.0134 3104 iaStor - ok
    07:46:11.0197 3104 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    07:46:11.0228 3104 iaStorV - ok
    07:46:11.0275 3104 IBMPMDRV (a9bd44426a69079240767fe4aee0ea71) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
    07:46:11.0275 3104 IBMPMDRV - ok
    07:46:11.0618 3104 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
    07:46:11.0930 3104 igfx - ok
    07:46:12.0023 3104 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    07:46:12.0055 3104 iirsp - ok
    07:46:12.0086 3104 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    07:46:12.0086 3104 intelide - ok
    07:46:12.0133 3104 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    07:46:12.0133 3104 intelppm - ok
    07:46:12.0148 3104 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    07:46:12.0148 3104 IpFilterDriver - ok
    07:46:12.0179 3104 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    07:46:12.0179 3104 IPMIDRV - ok
    07:46:12.0195 3104 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    07:46:12.0226 3104 IPNAT - ok
    07:46:12.0257 3104 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    07:46:12.0273 3104 IRENUM - ok
    07:46:12.0289 3104 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    07:46:12.0304 3104 isapnp - ok
    07:46:12.0335 3104 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    07:46:12.0367 3104 iScsiPrt - ok
    07:46:12.0413 3104 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    07:46:12.0429 3104 kbdclass - ok
    07:46:12.0523 3104 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    07:46:12.0569 3104 kbdhid - ok
    07:46:12.0585 3104 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    07:46:12.0601 3104 KSecDD - ok
    07:46:12.0616 3104 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    07:46:12.0647 3104 KSecPkg - ok
    07:46:12.0663 3104 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    07:46:12.0679 3104 ksthunk - ok
    07:46:12.0741 3104 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
    07:46:12.0741 3104 lenovo.smi - ok
    07:46:12.0803 3104 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    07:46:12.0803 3104 lltdio - ok
    07:46:12.0835 3104 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    07:46:12.0835 3104 LSI_FC - ok
    07:46:12.0866 3104 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    07:46:12.0866 3104 LSI_SAS - ok
    07:46:12.0959 3104 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    07:46:12.0959 3104 LSI_SAS2 - ok
    07:46:12.0991 3104 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    07:46:12.0991 3104 LSI_SCSI - ok
    07:46:13.0022 3104 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    07:46:13.0022 3104 luafv - ok
    07:46:13.0069 3104 mdmxsdk (fc631425ed761ea1f24738aa15ff5a7d) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    07:46:13.0084 3104 mdmxsdk - ok
    07:46:13.0100 3104 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    07:46:13.0100 3104 megasas - ok
    07:46:13.0131 3104 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    07:46:13.0147 3104 MegaSR - ok
    07:46:13.0193 3104 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\6963.tmp
    07:46:13.0209 3104 MEMSWEEP2 - ok
    07:46:13.0303 3104 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    07:46:13.0303 3104 Modem - ok
    07:46:13.0334 3104 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    07:46:13.0334 3104 monitor - ok
    07:46:13.0381 3104 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    07:46:13.0381 3104 mouclass - ok
    07:46:13.0427 3104 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    07:46:13.0427 3104 mouhid - ok
    07:46:13.0443 3104 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    07:46:13.0474 3104 mountmgr - ok
    07:46:13.0490 3104 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    07:46:13.0490 3104 mpio - ok
    07:46:13.0521 3104 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    07:46:13.0537 3104 mpsdrv - ok
    07:46:13.0568 3104 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    07:46:13.0568 3104 MRxDAV - ok
    07:46:13.0599 3104 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    07:46:13.0615 3104 mrxsmb - ok
    07:46:13.0708 3104 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    07:46:13.0708 3104 mrxsmb10 - ok
    07:46:13.0739 3104 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    07:46:13.0739 3104 mrxsmb20 - ok
    07:46:13.0771 3104 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    07:46:13.0771 3104 msahci - ok
    07:46:13.0802 3104 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    07:46:13.0864 3104 msdsm - ok
    07:46:13.0895 3104 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    07:46:13.0895 3104 Msfs - ok
    07:46:13.0927 3104 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    07:46:13.0942 3104 mshidkmdf - ok
    07:46:13.0958 3104 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    07:46:13.0958 3104 msisadrv - ok
    07:46:14.0005 3104 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    07:46:14.0020 3104 MSKSSRV - ok
    07:46:14.0020 3104 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    07:46:14.0036 3104 MSPCLOCK - ok
    07:46:14.0036 3104 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    07:46:14.0051 3104 MSPQM - ok
    07:46:14.0098 3104 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    07:46:14.0098 3104 MsRPC - ok
    07:46:14.0114 3104 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    07:46:14.0114 3104 mssmbios - ok
    07:46:14.0192 3104 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    07:46:14.0192 3104 MSTEE - ok
    07:46:14.0207 3104 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    07:46:14.0207 3104 MTConfig - ok
    07:46:14.0239 3104 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    07:46:14.0254 3104 Mup - ok
    07:46:14.0301 3104 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    07:46:14.0301 3104 NativeWifiP - ok
    07:46:14.0441 3104 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111123.036\ENG64.SYS
    07:46:14.0441 3104 NAVENG - ok
    07:46:14.0535 3104 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111123.036\EX64.SYS
    07:46:14.0566 3104 NAVEX15 - ok
    07:46:14.0707 3104 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    07:46:14.0722 3104 NDIS - ok
    07:46:14.0753 3104 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    07:46:14.0753 3104 NdisCap - ok
    07:46:14.0785 3104 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    07:46:14.0816 3104 NdisTapi - ok
    07:46:14.0847 3104 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    07:46:14.0847 3104 Ndisuio - ok
    07:46:14.0863 3104 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    07:46:14.0863 3104 NdisWan - ok
    07:46:14.0878 3104 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    07:46:14.0878 3104 NDProxy - ok
    07:46:14.0909 3104 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    07:46:14.0941 3104 NetBIOS - ok
    07:46:15.0034 3104 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    07:46:15.0034 3104 NetBT - ok
    07:46:22.0725 3104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    07:46:22.0725 3104 \Device\Harddisk0\DR0 - ok
    07:46:22.0741 3104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR18
    07:46:22.0741 3104 \Device\Harddisk1\DR18 - ok
    07:46:22.0741 3104 Boot (0x1200) (592d24ca9b64e889e93be5695a4bb97b) \Device\Harddisk0\DR0\Partition0
    07:46:22.0741 3104 \Device\Harddisk0\DR0\Partition0 - ok
    07:46:22.0756 3104 Boot (0x1200) (ca789749f408115a52914f9c90a1e750) \Device\Harddisk0\DR0\Partition1
    07:46:22.0756 3104 \Device\Harddisk0\DR0\Partition1 - ok
    07:46:22.0772 3104 Boot (0x1200) (d149577f68b48ece24e3d56f252de7c5) \Device\Harddisk1\DR18\Partition0
    07:46:22.0772 3104 \Device\Harddisk1\DR18\Partition0 - ok
    07:46:22.0772 3104 ============================================================
    07:46:22.0772 3104 Scan finished
    07:46:22.0772 3104 ============================================================
    07:46:22.0787 4264 Detected object count: 0
    07:46:22.0787 4264 Actual detected object count: 0
     
  7. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi there,

    In this next post I want you to run a couple of extra scans for me.


    Please download and scan with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Note: Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    You can use this thread as a guide.

    Please include the C:\ComboFix.txt in your next reply for further review.



    Please download mbrfix.exe from here --> Download

    Scroll down to locate mbrfix.exe and in the lower right corner of the tool info, you'll see the Download link. It's important that you save it directly to the C:\ drive and extract it to that same location.



    Please press the Windows key + R and type notepad into the Run box.
    Copy/paste the entire contents of the codebox below into notepad:

    Code:
    @echo off
    cd \
    mbrfix64.exe /drive 0 savembr MBRlook
    zip "%userprofile%\desktop\mbrlook" mbrlook
    del %0
    
    • Now on the top of the window choose File --> Save as
    • Into the Save as line type in mbr.bat
    • Change the Save as type to All Files (*.*)
    • Save it on your Desktop.

    • Run the mbr.bat

    This batch file will create an mbrlook.zip file on your desktop. Please attach this in your next reply.



    Please post in your next reply
    Combofix.txt
    MBRlook.zip ( attached )
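    The batch file above saves the raw first sector of disk 0 to a file so the helper can inspect it. As an added example that is not part of this thread or of MbrFix/TDSSKiller, here is a Python script that runs the checks a helper makes on such a 512-byte dump: the 0x55AA boot signature, the MD5 of the first 0x1B8 bytes (the same region TDSSKiller reports as "MBR (0x1B8)" in the log above) and a partition-table sanity check; the function names and the two sample sectors are my own constructions.

```python
"""Inspect a raw 512-byte MBR image such as the "mbrlook" file MbrFix writes:
boot signature, MD5 of the first 0x1B8 bytes (the region TDSSKiller reports as
"MBR (0x1B8)"), and partition-table sanity. Sample sectors are constructed here;
no real disk data is embedded."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8             # bootstrap code and error strings
DISK_SIG_OFFSET = 0x1B8           # 4-byte NT disk signature
PARTITION_TABLE_OFFSET = 0x1BE    # four 16-byte entries
SIGNATURE = b"\x55\xAA"           # bytes 0x1FE..0x1FF
ENTRY_FMT = "<B3xB3xII"           # boot flag, CHS(3), type, CHS(3), LBA start, sector count


def parse_partitions(sector):
    """Decode all four partition entries into dicts."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        flag, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, sector, off)
        entries.append({"index": i, "boot_flag": flag, "active": flag == 0x80,
                        "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return entries


def analyze_mbr(sector, known_good_md5=None):
    """Report on one MBR image; known_good_md5 is an optional trusted hash of the
    bootstrap region (e.g. what a clean TDSSKiller run printed for the same disk)."""
    if len(sector) < SECTOR_SIZE:
        return {"signature_ok": False, "boot_code_md5": None, "disk_signature": None,
                "partitions": [], "findings": ["image shorter than 512 bytes"]}
    sector = bytes(sector[:SECTOR_SIZE])
    findings = []
    signature_ok = sector[0x1FE:0x200] == SIGNATURE
    if not signature_ok:
        findings.append("missing 0x55AA boot signature")
    boot_code = sector[:BOOT_CODE_LEN]
    boot_md5 = hashlib.md5(boot_code).hexdigest()
    if known_good_md5 and boot_md5 != known_good_md5.lower():
        findings.append("bootstrap code hash differs from the known-good value")
    if boot_code.count(0) == BOOT_CODE_LEN:
        findings.append("bootstrap code region is all zeros")
    partitions = parse_partitions(sector)
    used = [p for p in partitions if p["type"] != 0]
    if sum(p["active"] for p in used) > 1:
        findings.append("more than one partition flagged active")
    for p in partitions:
        if p["boot_flag"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid boot flag 0x{p['boot_flag']:02X}")
        if p["type"] == 0 and (p["lba_start"] or p["sectors"]):
            findings.append(f"entry {p['index']}: type 0 but non-zero extent")
    # Overlapping extents show up with plain corruption and with hidden
    # partitions parked inside another volume's space; either deserves a look.
    for a in used:
        for b in used:
            if a["index"] < b["index"]:
                a_end, b_end = a["lba_start"] + a["sectors"], b["lba_start"] + b["sectors"]
                if a["lba_start"] < b_end and b["lba_start"] < a_end:
                    findings.append(f"entries {a['index']} and {b['index']} overlap")
    return {"signature_ok": signature_ok, "boot_code_md5": boot_md5,
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
            "partitions": partitions, "findings": findings}


def build_sample_mbr(entries, with_signature=True):
    """Construct a 512-byte image from (boot_flag, type, lba_start, sectors) tuples;
    the bootstrap area is filler, not real boot code (constructed sample)."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\x33\xC0\x8E"                # a few bytes so the region is not all zero
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0xDEADBEEF)   # constructed disk signature
    for i, (flag, ptype, lba, count) in enumerate(entries[:4]):
        struct.pack_into(ENTRY_FMT, sector, PARTITION_TABLE_OFFSET + 16 * i,
                         flag, ptype, lba, count)
    if with_signature:
        sector[0x1FE:0x200] = SIGNATURE
    return bytes(sector)


# Constructed layout in the style of a two-partition Windows 7 disk (small
# system partition, then the OS volume); sizes are illustrative.
CLEAN = build_sample_mbr([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 100000000)])
# Same disk with two active flags, a hidden-NTFS (0x17) entry overlapping the
# OS volume, and no boot signature: the signature, active and overlap checks fire.
TAMPERED = build_sample_mbr([(0x80, 0x07, 2048, 204800), (0x80, 0x07, 206848, 100000000),
                             (0x00, 0x17, 206898, 4096)], with_signature=False)

if __name__ == "__main__":
    import sys
    # Pass the saved "mbrlook" file as the argument; otherwise the built-in samples run.
    images = ({sys.argv[1]: open(sys.argv[1], "rb").read()} if len(sys.argv) > 1
              else {"clean-sample": CLEAN, "tampered-sample": TAMPERED})
    for name, img in images.items():
        report = analyze_mbr(img)
        print(f"{name}: MBR (0x1B8) md5={report['boot_code_md5']} findings={report['findings']}")
```

Comparing the printed MD5 with the value a clean TDSSKiller run reported for the same disk is the quickest way to see whether the bootstrap code changed.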
     
  8. sapphire69

    sapphire69 Thread Starter

    Joined:
    Nov 14, 2011
    Messages:
    24
    Hi Daniel!

    I have attempted more than once to run the ComboFix and I'm unable to do so. I was able to download it to my desktop but when I run it, it goes through the extraction and then it doesn't do anything at all.

    I will wait for further instruction from you.
     
  9. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi there,
    Please move on with MBRFix.exe.

    Note: If the MBRLook.zip has not been created on your desktop, please look in C: for a file mbrlook ( does not have an extension ), right-click --> Send to --> Compressed (zipped) folder

    and attach this .zip file in your next reply :)
     
  10. sapphire69

    sapphire69 Thread Starter

    Joined:
    Nov 14, 2011
    Messages:
    24
    Hi Daniel! Thank you so much for staying with me! Apparently, I didn't wait long enough for the ComboFix to start but, after getting a warning that Symantec Endpoint was still running, it went ahead and ran. Here is the resulting log. It took a VERY long time!

    I have also attached the MBR zip file, although the window said no batch file was found.

    I will wait to hear from you before doing anything further.



    ComboFix 11-11-24.01 - kmitchell 11/24/2011 17:38:22.1.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3992.2373 [GMT -5:00]
    Running from: c:\users\kmitchell\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\LP
    c:\program files (x86)\LP\1D83\186.exe
    c:\program files (x86)\LP\1D83\24D7.tmp
    c:\program files (x86)\LP\1D83\9784.tmp
    c:\program files (x86)\LP\1D83\D965.tmp
    C:\Skype
    c:\users\kmitchell\AppData\Roaming\304BF
    c:\users\kmitchell\AppData\Roaming\304BF\9FD1D.exe
    c:\users\kmitchell\AppData\Roaming\304BF\F649.04B
    c:\users\kmitchell\AppData\Roaming\dwme.exe
    c:\users\kmitchell\AppData\Roaming\XgTZZjjCwkIrO
    c:\users\kmitchell\AppData\Roaming\XgTZZjjCwkIrO\Cloud AV 2012.ico
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-24 23:43 . 2011-11-24 23:43 -------- d-----w- c:\users\kmitchell\AppData\Roaming\SJ7dEqhYXkVlBz0
    2011-11-24 23:43 . 2011-11-24 23:43 -------- d-----w- c:\users\kmitchell\AppData\Roaming\PcA1ivD2oFpHsJd
    2011-11-24 23:38 . 2011-11-24 23:38 -------- d-----w- c:\users\setup\AppData\Local\temp
    2011-11-24 23:38 . 2011-11-24 23:38 -------- d-----w- c:\users\jstouffer\AppData\Local\temp
    2011-11-24 23:38 . 2011-11-24 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-24 23:38 . 2011-11-24 23:38 -------- d-----w- c:\users\administrator\AppData\Local\temp
    2011-11-24 22:22 . 2011-11-24 22:22 -------- d-----w- c:\program files (x86)\BF649
    2011-11-24 22:21 . 2011-11-24 22:21 -------- d-----w- c:\users\kmitchell\AppData\Roaming\FWWK7fEL9
    2011-11-24 22:21 . 2011-11-24 22:21 -------- d-----w- c:\users\kmitchell\AppData\Roaming\SS22ibD3pG4aHsK
    2011-11-24 22:21 . 2011-11-24 22:21 -------- d-----w- c:\users\kmitchell\AppData\Roaming\hekkIBrzOyxA
    2011-11-24 22:21 . 2011-11-24 22:21 -------- d-----w- c:\users\kmitchell\AppData\Roaming\u2bF3pmGa
    2011-11-24 22:21 . 2011-11-24 22:21 -------- d-----w- c:\users\kmitchell\AppData\Roaming\kgRZ9hYXwUe
    2011-11-24 22:21 . 2011-11-24 22:21 -------- d-----w- c:\users\kmitchell\AppData\Roaming\T111ibD3nG4aHsJ
    2011-11-17 13:55 . 2011-11-17 16:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-11-17 13:55 . 2011-11-17 14:42 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-11-11 15:33 . 2011-11-11 15:33 388096 ----a-r- c:\users\kmitchell\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-11 15:33 . 2011-11-11 15:33 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-11-11 15:21 . 2011-11-11 15:21 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-11-11 14:46 . 2011-05-12 19:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
    2011-11-11 14:19 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\6963.tmp
    2011-11-11 14:18 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\ED02.tmp
    2011-11-11 14:17 . 2011-11-11 14:17 -------- d-----w- c:\program files (x86)\Sophos
    2011-11-11 13:43 . 2011-11-11 13:43 -------- d-----w- c:\users\kmitchell\AppData\Roaming\Malwarebytes
    2011-11-10 14:31 . 2011-11-10 14:31 -------- d-----w- c:\users\jstouffer\AppData\Roaming\Malwarebytes
    2011-11-10 14:31 . 2011-11-10 14:31 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-10 14:31 . 2011-11-11 13:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-11-10 14:16 . 2011-11-10 17:00 -------- d-----w- c:\windows\system32\appmgmt
    2011-11-10 14:11 . 2011-11-10 14:11 -------- d-----w- c:\users\jstouffer\AppData\Roaming\Apple Computer
    2011-11-09 12:40 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 12:40 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 12:40 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 12:40 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
    2011-11-08 21:31 . 2011-11-08 21:31 -------- d-----w- c:\users\kmitchell\AppData\Roaming\Apple Computer
    2011-11-02 22:08 . 2011-11-10 15:47 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2011-11-02 22:08 . 2011-11-02 22:08 -------- d-----w- c:\users\kmitchell\AppData\Local\Apple
    2011-11-02 22:08 . 2011-11-10 16:10 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-11-02 22:08 . 2011-11-10 16:11 -------- d-----w- c:\programdata\Apple
    2011-11-02 22:06 . 2011-11-10 16:11 -------- d-----w- c:\program files (x86)\QuickTime
    2011-11-02 17:59 . 2011-11-02 19:14 -------- d-----w- c:\users\kmitchell\AppData\Roaming\webex
    2011-11-02 17:59 . 2011-11-10 16:11 -------- d-----w- c:\programdata\WebEx
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-24 22:24 . 2011-11-24 22:24 138820 ----a-w- C:\mbrfix.zip
    2011-11-21 20:27 . 2011-07-20 13:11 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2011-09-20 18:35 . 2011-10-21 16:32 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
    2011-09-01 05:24 . 2011-10-18 17:55 2309120 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 05:17 . 2011-10-18 17:55 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 05:12 . 2011-10-18 17:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-01 02:35 . 2011-10-18 17:55 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-09-01 02:28 . 2011-10-18 17:55 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-09-01 02:22 . 2011-10-18 17:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-08-27 05:37 . 2011-10-13 16:21 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-27 05:37 . 2011-10-13 16:21 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-27 04:26 . 2011-10-13 16:21 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-08-27 04:26 . 2011-10-13 16:21 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
    2011-06-24 15:04 81920 ----a-w- c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files (x86)\freecordertoolbar\vmntemplateX.dll" [2011-06-24 81920]
    .
    [HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-08-18 115624]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-06-02 1553256]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-11-02 421888]
    "F77fRL9gTXjYeIr8234A"="c:\users\kmitchell\AppData\Roaming\hekkIBrzOyxA\Cloud AV 2012v121.exe" [2011-11-24 2932224]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-8-12 50688]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
    R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-06-02 477032]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6963.tmp [x]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-06-02 83304]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
    S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [x]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-30 41320]
    S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-30 65896]
    S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
    S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-06-02 148840]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 144232]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-03-31 579264]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 138360]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-847016160-4124738267-1826922858-1260Core.job
    - c:\users\kmitchell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 17:10]
    .
    2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-847016160-4124738267-1826922858-1260UA.job
    - c:\users\kmitchell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 17:10]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TpShocks"="TpShocks.exe" [2011-03-29 380776]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
    "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-30 54120]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
    "IaNvSrv"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 74.40.74.40 74.40.74.41
    FF - ProfilePath - c:\users\kmitchell\AppData\Roaming\Mozilla\Firefox\Profiles\950sra5n.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    Wow6432Node-HKLM-Run-YttxP0ycSiDoF8234A - c:\windows\system32\Cloud AV 2012v121.exe
    Wow6432Node-HKLM-Run-hIBtzPNyc1v2b4m - c:\users\kmitchell\AppData\Roaming\dwme.exe
    Wow6432Node-HKLM-Run-186.exe - c:\program files (x86)\LP\1D83\186.exe
    Wow6432Node-HKLM-Run-dfEL9gTZqYwI - c:\users\kmitchell\AppData\Roaming\dwme.exe
    Notify-igfxcui - (no file)
    SafeBoot-Symantec Antvirus
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\6963.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
    c:\program files\LENOVO\HOTKEY\tposdsvc.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
    c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files (x86)\Lenovo\System Update\SUService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-24 19:05:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-25 00:04
    .
    Pre-Run: 106,445,561,856 bytes free
    Post-Run: 106,773,168,128 bytes free
    .
    - - End Of File - - D6D80CEA991BDB9CC291CBCE7478D05C
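What the helper reads out of the "Reg Loading Points" block above can be automated. The script below is an added example for this thread, not part of ComboFix and not the helper's own tooling: it parses a few lines copied from the log, and flags Run entries whose image lives in a user-writable profile directory, value names that look machine-generated (the `F77fRL9gTXjYeIr8234A` style the rogue "Cloud AV 2012" uses), UAC switched off (`EnableLUA`=0) and Security Center monitoring of the installed AV disabled. The sample input is constructed from the log; the path prefixes and the random-name pattern are my own heuristics, not anything ComboFix does.

```python
"""Triage helper for ComboFix 'Reg Loading Points' output.

Added example for this thread; not part of ComboFix and not the helper's
own script. The heuristics below are assumptions chosen to match what a
malware-removal helper looks for by eye in the posted log.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-08-18 115624]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-11-02 421888]
"F77fRL9gTXjYeIr8234A"="c:\users\kmitchell\AppData\Roaming\hekkIBrzOyxA\Cloud AV 2012v121.exe" [2011-11-24 2932224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "name"=<raw value>
QUOTED_RE = re.compile(r'^"([^"]*)"')              # quoted image path; trailing [date size] ignored
DWORD_RE = re.compile(r"^(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))")

# Assumption: autorun images under these prefixes sit in user-writable locations.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
# Assumption: an alphanumeric value name mixing both cases and digits, 8+ chars, no
# spaces, is machine-generated (fits the rogue-AV names in the log, not names like ccApp).
RANDOM_NAME_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9]{8,}$")


@dataclass
class Finding:
    key: str
    name: str
    value: str
    reason: str


def looks_random(name: str) -> bool:
    return RANDOM_NAME_RE.match(name) is not None


def parse_dword(raw: str):
    """Accept both 'dword:00000001' and the '5 (0x5)' form ComboFix prints."""
    m = DWORD_RE.match(raw.strip())
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) else int(m.group(2))


def triage(text: str) -> list:
    findings = []
    key = None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if key is None or vm is None:
            continue  # blank lines, '.' separators, file-stamp lines under BHO keys
        name, raw = vm.group(1), vm.group(2)
        lkey = key.lower()
        if lkey.endswith("\\currentversion\\run"):
            qm = QUOTED_RE.match(raw)
            path = qm.group(1) if qm else raw
            if any(tok in path.lower() for tok in USER_WRITABLE):
                findings.append(Finding(key, name, path, "autorun image lives in a user-writable directory"))
            if looks_random(name):
                findings.append(Finding(key, name, path, "autorun value name looks machine-generated"))
        elif lkey.endswith("\\policies\\system") and name == "EnableLUA" and parse_dword(raw) == 0:
            findings.append(Finding(key, name, raw, "UAC disabled (EnableLUA=0): elevation happens without a prompt"))
        elif "\\security center\\monitoring\\" in lkey and name == "DisableMonitoring" and parse_dword(raw) == 1:
            product = key.rsplit("\\", 1)[-1]
            findings.append(Finding(key, name, raw, f"Security Center monitoring of {product} is switched off"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.key}\n    {f.name} = {f.value}")
```

The random-name check is deliberately coarse: it is there to put an entry at the top of the list for a human to read, not to decide on its own. A bare image name in a Run value (the `TpShocks.exe` entry further down the log) is resolved through the search path rather than from a fixed directory, so those also deserve a look even though this script does not flag them.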

  11. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Good work.
    Combofix deleted a lot of Skype-related files. Did you ever install Skype directly on your C: drive?

    The MBR file appears clean, but there are some things which require our attention.



    While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes interfere with our fixes.
    Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
    • Open Spybot Search & Destroy.
    • In the Mode menu click "Advanced mode" if not already selected.
    • Choose "Yes" at the Warning prompt.
    • Expand the "Tools" menu.
    • Click "Resident".
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    • In the File menu click "Exit" to exit Spybot Search & Destroy.



    Open notepad and copy/paste the text in the Code-box below into it:

    Code:
    Folder::
    c:\users\kmitchell\AppData\Roaming\SJ7dEqhYXkVlBz0
    c:\users\kmitchell\AppData\Roaming\PcA1ivD2oFpHsJd
    c:\users\kmitchell\AppData\Roaming\FWWK7fEL9
    c:\users\kmitchell\AppData\Roaming\SS22ibD3pG4aHsK
    c:\users\kmitchell\AppData\Roaming\hekkIBrzOyxA
    c:\users\kmitchell\AppData\Roaming\u2bF3pmGa
    c:\users\kmitchell\AppData\Roaming\kgRZ9hYXwUe
    c:\users\kmitchell\AppData\Roaming\T111ibD3nG4aHsJ
    
    DirLook::
    c:\program files (x86)\BF649
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "F77fRL9gTXjYeIr8234A"=-
    
    • Save this as CFScript.txt, in the same location as ComboFix.exe.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    (image: CFScript.txt being dragged onto ComboFix.exe)

    Referring to the picture above, drag CFScript into ComboFix.exe.
    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




    Please press the Windows key + R and copy/paste the following single-line command into the Run box and click OK

    "C:\QooBox\Add-Remove Programs.txt"


    This will open a Notepad window. Please copy/paste its content in your next reply.


    How is your system behaving now?



    Please post in your next reply
    Combofix.txt
    Add-Remove Programs.txt
     
  12. sapphire69

    sapphire69 Thread Starter

    Joined:
    Nov 14, 2011
    Messages:
    24
    Good morning, Daniel!

    To answer your question regarding Skype, I did install that on my computer to communicate with a friend of mine traveling abroad for vacation. I am fine with removing it.

    After closing the browser, prior to dragging the file over to Combo Fix, there were several messages that kept appearing, like tool tips, with a "mevio" web address in them. I was able to capture a screen shot of one and I have attached it. The other image in the document is the processes that were running. It shows an Internet Explorer process running even though I had closed all open browser windows.

    I have not seen any unusual activity since Combo Fix rebooted but there are still several files on my external drive that are hidden.

    Thank you so much for your assistance and here are the log files you requested:

    ComboFix 11-11-24.01 - kmitchell 11/25/2011 9:51.2.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3992.2251 [GMT -5:00]
    Running from: c:\users\kmitchell\Desktop\ComboFix.exe
    Command switches used :: c:\users\kmitchell\Desktop\CFScript.txt
    AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\kmitchell\AppData\Roaming\FWWK7fEL9
    c:\users\kmitchell\AppData\Roaming\hekkIBrzOyxA
    c:\users\kmitchell\AppData\Roaming\hekkIBrzOyxA\Cloud AV 2012v121.exe
    c:\users\kmitchell\AppData\Roaming\kgRZ9hYXwUe
    c:\users\kmitchell\AppData\Roaming\PcA1ivD2oFpHsJd
    c:\users\kmitchell\AppData\Roaming\PcA1ivD2oFpHsJd\Cloud AV 2012.ico
    c:\users\kmitchell\AppData\Roaming\SJ7dEqhYXkVlBz0
    c:\users\kmitchell\AppData\Roaming\SS22ibD3pG4aHsK
    c:\users\kmitchell\AppData\Roaming\T111ibD3nG4aHsJ
    c:\users\kmitchell\AppData\Roaming\u2bF3pmGa
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-25 15:26 . 2011-11-25 15:26 -------- d-----w- c:\users\setup\AppData\Local\temp
    2011-11-25 15:26 . 2011-11-25 15:26 -------- d-----w- c:\users\jstouffer\AppData\Local\temp
    2011-11-25 15:26 . 2011-11-25 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-25 15:26 . 2011-11-25 15:26 -------- d-----w- c:\users\administrator\AppData\Local\temp
    2011-11-24 22:22 . 2011-11-24 22:22 -------- d-----w- c:\program files (x86)\BF649
    2011-11-17 13:55 . 2011-11-17 16:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-11-17 13:55 . 2011-11-17 14:42 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-11-11 15:33 . 2011-11-11 15:33 388096 ----a-r- c:\users\kmitchell\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-11 15:33 . 2011-11-11 15:33 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-11-11 15:21 . 2011-11-11 15:21 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-11-11 14:46 . 2011-05-12 19:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
    2011-11-11 14:19 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\6963.tmp
    2011-11-11 14:18 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\ED02.tmp
    2011-11-11 14:17 . 2011-11-11 14:17 -------- d-----w- c:\program files (x86)\Sophos
    2011-11-11 13:43 . 2011-11-11 13:43 -------- d-----w- c:\users\kmitchell\AppData\Roaming\Malwarebytes
    2011-11-10 14:31 . 2011-11-10 14:31 -------- d-----w- c:\users\jstouffer\AppData\Roaming\Malwarebytes
    2011-11-10 14:31 . 2011-11-10 14:31 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-10 14:31 . 2011-11-11 13:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-11-10 14:16 . 2011-11-10 17:00 -------- d-----w- c:\windows\system32\appmgmt
    2011-11-10 14:11 . 2011-11-10 14:11 -------- d-----w- c:\users\jstouffer\AppData\Roaming\Apple Computer
    2011-11-09 12:40 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 12:40 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 12:40 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 12:40 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
    2011-11-08 21:31 . 2011-11-08 21:31 -------- d-----w- c:\users\kmitchell\AppData\Roaming\Apple Computer
    2011-11-02 22:08 . 2011-11-10 15:47 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2011-11-02 22:08 . 2011-11-02 22:08 -------- d-----w- c:\users\kmitchell\AppData\Local\Apple
    2011-11-02 22:08 . 2011-11-10 16:10 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-11-02 22:08 . 2011-11-10 16:11 -------- d-----w- c:\programdata\Apple
    2011-11-02 22:06 . 2011-11-10 16:11 -------- d-----w- c:\program files (x86)\QuickTime
    2011-11-02 17:59 . 2011-11-02 19:14 -------- d-----w- c:\users\kmitchell\AppData\Roaming\webex
    2011-11-02 17:59 . 2011-11-10 16:11 -------- d-----w- c:\programdata\WebEx
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-25 00:55 . 2011-11-25 00:55 138820 ----a-w- C:\mbrfix.zip
    2011-11-21 20:27 . 2011-07-20 13:11 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2011-09-20 18:35 . 2011-10-21 16:32 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
    2011-09-01 05:24 . 2011-10-18 17:55 2309120 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 05:17 . 2011-10-18 17:55 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 05:12 . 2011-10-18 17:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-01 02:35 . 2011-10-18 17:55 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-09-01 02:28 . 2011-10-18 17:55 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-09-01 02:22 . 2011-10-18 17:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\program files (x86)\BF649 ----
    .
    2011-11-24 22:22 . 2011-11-24 22:22 188416 ----a-w- c:\program files (x86)\BF649\lvvm.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-11-24_23.44.25 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-11-17 16:29 . 2011-11-24 22:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2011-11-17 16:29 . 2011-11-25 14:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 04:54 . 2011-11-24 22:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-11-25 14:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-11-24 22:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-11-25 14:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-11-25 14:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-11-24 22:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 05:10 . 2011-11-25 15:34 47964 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-07-19 22:13 . 2011-11-25 15:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-07-19 22:13 . 2011-11-24 23:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-07-19 22:13 . 2011-11-24 23:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-07-19 22:13 . 2011-11-25 15:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-11-24 23:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-11-25 15:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-08-18 13:36 . 2011-11-25 15:34 4578 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-847016160-4124738267-1826922858-1260_UserData.bin
    + 2011-11-25 15:30 . 2011-11-25 15:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-11-24 23:41 . 2011-11-24 23:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-11-24 23:41 . 2011-11-24 23:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-11-25 15:30 . 2011-11-25 15:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-07-19 21:41 . 2011-11-25 14:29 292834 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 05:01 . 2011-11-25 15:28 399196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-11-24 23:40 399196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-08-11 21:01 . 2011-11-24 23:40 2598072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-08-11 21:01 . 2011-11-25 15:28 2598072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-09-03 19:56 . 2011-11-25 15:28 15750908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-847016160-4124738267-1826922858-1260-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
    2011-06-24 15:04 81920 ----a-w- c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files (x86)\freecordertoolbar\vmntemplateX.dll" [2011-06-24 81920]
    .
    [HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-08-18 115624]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-06-02 1553256]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-11-02 421888]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-8-12 50688]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
    [BU]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
    R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-06-02 477032]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6963.tmp [x]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-06-02 83304]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
    S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [x]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-30 41320]
    S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-30 65896]
    S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
    S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-06-02 148840]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 144232]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-03-31 579264]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 138360]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-847016160-4124738267-1826922858-1260Core.job
    - c:\users\kmitchell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 17:10]
    .
    2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-847016160-4124738267-1826922858-1260UA.job
    - c:\users\kmitchell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 17:10]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TpShocks"="TpShocks.exe" [2011-03-29 380776]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
    "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-30 54120]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
    "IaNvSrv"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
    FF - ProfilePath - c:\users\kmitchell\AppData\Roaming\Mozilla\Firefox\Profiles\950sra5n.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\6963.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Lenovo\System Update\SUService.exe
    c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
    c:\program files\LENOVO\HOTKEY\tposdsvc.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
    c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-25 10:53:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-25 15:53
    ComboFix2.txt 2011-11-25 00:05
    .
    Pre-Run: 106,175,578,112 bytes free
    Post-Run: 106,035,601,408 bytes free
    .
    - - End Of File - - 787CA5D472B5AC0312F5AD8A36C99594




    Update for Microsoft Office 2007 (KB2508958)
    Access Help
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.0 Professional
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader X (10.1.1)
    Apple Application Support
    Apple Software Update
    AVS Audio Converter 7
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.4
    Cisco AnyConnect VPN Client
    FormatFactory 2.70
    Freecorder 5
    Freecorder Toolbar
    Google Chrome
    HiJackThis
    Java Auto Updater
    Java(TM) 6 Update 26
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Professional Plus 2007
    Microsoft Office Project Professional 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ Run Time Lib Setup
    Moyea PPT to Video Converter version 2.2.0.55
    Mozilla Firefox 8.0 (x86 en-US)
    Powerpoint-PPT to AVI-GIF Converter v1.117 (Release 06-03-07 Fr
    PowerVideoMaker Professional 5.0
    Projector
    QuickTime
    RICOH R5U8xx Media Driver ver.3.64.02
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype
    Snagit 10
    Sophos Anti-Rootkit 1.5.20
    Spybot - Search & Destroy
    System Update
    ThinkPad Power Manager
    ThinkPad UltraNav Utility
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    VLC media player 1.1.10
    WebEx
    WebEx Productivity Tools
    WinZip
    Wondershare PPT2Video Pro 6.1.10
    Yahoo! Detect
     
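As an added example (not from this thread, ComboFix or any tool mentioned in it), here is a small Python triage helper that reads registry-policy and service lines in the ComboFix log format posted above and flags items a responder would want to look at first; the sample lines are constructed in that format, and the heuristics are assumptions meant to prompt a check, not verdicts (a driver image in a `.tmp` file means "identify which product created it", not "malware").

```python
"""Triage helper for the 'Reg Loading Points' / service lines of a ComboFix log."""
import re
from typing import Dict, List

# Constructed sample in the ComboFix format seen above (a few lines, not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6963.tmp [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+)$')
# R2/S3 etc.: <state> <name>;<description>;<image path> [<date size> | x]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$"
)

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"


def parse_registry_values(log: str) -> Dict[str, Dict[str, str]]:
    """Map each [HKEY...] block (lower-cased) to its "name"=value lines, raw value kept."""
    blocks: Dict[str, Dict[str, str]] = {}
    current = None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            blocks.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            blocks[current][m.group("name")] = m.group("raw").strip()
    return blocks


def parse_services(log: str) -> List[Dict[str, str]]:
    """Return one dict per R*/S* service or driver line."""
    matches = (SERVICE_RE.match(l.strip()) for l in log.splitlines())
    return [m.groupdict() for m in matches if m]


def numeric(raw: str) -> int:
    """Decode the two numeric spellings ComboFix uses: '0 (0x0)' and 'dword:00000001'."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return int(raw.split()[0])


def triage(log: str) -> List[str]:
    """Heuristic findings (assumptions, not verdicts) from a ComboFix-style excerpt."""
    findings: List[str] = []
    regs = parse_registry_values(log)
    policies = regs.get(POLICY_KEY, {})
    if "EnableLUA" in policies and numeric(policies["EnableLUA"]) == 0:
        # EnableLUA=0 switches UAC off, so an admin user's processes run fully elevated.
        findings.append("UAC disabled: EnableLUA=0 under policies\\system")
    for key, values in regs.items():
        if r"security center\monitoring" in key:
            if numeric(values.get("DisableMonitoring", "0")) == 1:
                product = key.rsplit("\\", 1)[-1]
                findings.append(f"Security Center monitoring disabled for {product}")
    for svc in parse_services(log):
        if svc["path"].lower().endswith(".tmp"):
            findings.append(f"service {svc['name']} loads a .tmp image: {svc['path']}"
                            " (identify the product that created it)")
        if svc["info"] == "x":
            # [x] is ComboFix's marker for an image file it could not find at scan time.
            findings.append(f"service {svc['name']} image not found at scan time: {svc['path']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```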
  13. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi there

    I do not see an attached screenshot but it would be very interesting. So please attach them in your next reply :)



    Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):
    Skype

    Better to uninstall Software you do not need anymore.



    I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Save it to your desktop.

    Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.



    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

    • Download the latest version of Java Runtime Environment ( JRE ) 7 and save it to your desktop.
    • Scroll down to where it says Java SE 7 Update 1
    • Click the red Download JRE button on the right.
    • Read the License Agreement then select Accept License Agreement
    • Click on the link to download Windows x86 Offline and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7u1-windows-i586.exe to install the newest version.

    After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - Make sure all are checked
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.



    Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
    • Click Start
    • Wait for the scan to finish
    • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
    • Copy and paste that log in your next reply.

    Note: Please also write down the detections of ESET with Notepad or something similar because sometimes they are not shown in the logfiles.



    Please post in your next reply
    MBAM Log
    log.txt
    Note any open issues
     
  14. sapphire69

    sapphire69 Thread Starter

    Joined:
    Nov 14, 2011
    Messages:
    24
    Hi Daniel!

    I'm away from my computer right now and will be for a couple of hours but I will follow your directions when I get home. In the meantime, can you tell me if attachments need to be in a specific format? I would like to attach the screenshots to my next reply.

    Have a wonderful afternoon!
     
  15. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Thanks for letting me know. There is no rush (y)

    You will see the valid file extensions above the Manage Attachments Button.
     
Short URL to this thread: https://techguy.org/1027908
