My computer is infected but I can't seem to find the problem!

Status: This thread has been Locked and is not open to further replies.

sapphire69 (Thread Starter) | Joined: Nov 14, 2011 | Messages: 24
Hello,

A couple of weeks ago, I was on Google and suddenly all of these error messages cascaded across the screen. When I clicked out of all of them, all of my files were hidden. I was finally able to get most of them back, but then any time I tried to navigate to a web site, it would be redirected, and I would also get these random talk radio shows playing with no web page open. I looked in the Task Manager and there were several of my applications that had *32 behind them, and I don't recall them being there before. Also, when I opened a new web site, it had several Mevio web sites that had previously been opened. Just to add another wrinkle to things, I use an external drive on my computer all of the time and some of the files on there were hidden, so I don't know if I'm reintroducing the virus every time I try to run a scan on the external drive. If anyone can help me, it would be greatly appreciated. Here are the HijackThis log and the DDS log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:56:50 PM, on 11/21/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\kmitchell\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Freecorder Toolbar - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
O2 - BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: Freecorder Toolbar - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\kmitchell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/WBXclient-T27L10NSP30-13034/webex/ieatgpc1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eaglenet.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eaglenet.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eaglenet.local
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13688 bytes


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by kmitchell at 18:57:05 on 2011-11-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3992.1509 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\splwow64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\kmitchell\AppData\Local\Apps\2.0\5CVON9B4.E9Y\MM1AYZDA.G5A\opsp..tion_adb547f5da16c400_0004.0003_3d0bd2c2e1e294fa\OpsProjectorUI.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\kmitchell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP30-13034/webex/ieatgpc1.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{0DCD5FB0-8FE9-49FC-A86A-B46918D9299D} : DhcpNameServer = 192.168.100.4 192.168.100.6
TCP: Interfaces\{76975E50-310E-40C8-8442-3FF0F633B396} : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{76975E50-310E-40C8-8442-3FF0F633B396}\261627E61636C656 : DhcpNameServer = 66.174.95.44 66.174.92.14
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
BHO-X64: Freecorder Toolbar - No File
BHO-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: Freecorder Toolbar: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kmitchell\AppData\Roaming\Mozilla\Firefox\Profiles\950sra5n.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Users\kmitchell\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 iaNvStor;Intel(R) Turbo Memory Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys --> C:\Windows\system32\DRIVERS\iaNvStor.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-8-12 41320]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-8-12 65896]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-8-12 93032]
R2 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-8-12 148840]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-8-18 1846592]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-8-12 144232]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-8-12 64952]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-3-31 579264]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 138360]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-8-12 45496]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-17 1153368]
S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys --> C:\Windows\system32\Drivers\COH_Mon.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-8-12 477032]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\6963.tmp --> C:\Windows\system32\6963.tmp [?]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-8-12 83304]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2011-11-17 13:55:00 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-17 13:55:00 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-11 15:33:33 388096 ----a-r- C:\Users\kmitchell\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-11 15:33:33 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-11 15:21:00 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-11 14:46:16 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
2011-11-11 14:19:43 6144 ------w- C:\Windows\System32\6963.tmp
2011-11-11 14:18:06 6144 ------w- C:\Windows\System32\ED02.tmp
2011-11-11 14:17:57 -------- d-----w- C:\Program Files (x86)\Sophos
2011-11-11 13:43:48 -------- d-----w- C:\Users\kmitchell\AppData\Roaming\Malwarebytes
2011-11-10 14:31:07 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-10 14:31:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-10 14:16:49 -------- d-----w- C:\Windows\System32\appmgmt
2011-11-09 12:40:06 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 12:40:06 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 12:40:05 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 12:40:03 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-02 22:08:10 -------- d-----w- C:\Users\kmitchell\AppData\Local\Apple
2011-11-02 17:59:48 -------- d-----w- C:\Users\kmitchell\AppData\Roaming\webex
2011-11-02 17:59:29 -------- d-----w- C:\ProgramData\WebEx
2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
==================== Find3M ====================
.
2011-11-21 20:27:12 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-09-20 18:35:46 11137024 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
.
============= FINISH: 19:05:57.12 ===============
 
Joined
Aug 9, 2011
Messages
808
Hi and welcome to TSG.

I am reviewing your logs and will respond with a reply as soon as I can.

Please note that all my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

Thank you for your patience.
 

sapphire69

Thread Starter
Joined
Nov 14, 2011
Messages
24
Hello Larusso,

Thank you so much for your assistance! I will wait for your instructions.

Have a nice holiday!
 
Joined
Aug 9, 2011
Messages
808
Hi,
My name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread and move on to assist someone else.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



Please read and follow these instructions carefully. We do not want it to fix anything yet (if anything is found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced in the root of the system drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.



Please post in your next reply
TDSSKiller Log
 
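Added example for readers triaging logs like the ones in this thread (editor's addition; this is not code from the thread, from DDS or from TDSSKiller). It normalises the DDS service lines and "Created Last 30" list from the first post, and the TDSSKiller driver/verdict lines of the kind posted in the next reply, into one record shape and applies the same checks to both: an image whose extension is not .exe/.sys/.dll, an image under a user-writable path, an image file that also appears in the DDS 30-day creation list, a registered driver for which the scanner printed no file path or hash, and any scanner verdict other than "ok". The allow-list, the path tokens and the rules themselves are my own heuristics, and the sample lines are excerpted from the two logs in this thread. A flag is a lead to check, not a verdict: the log itself offers an explanation for MEMSWEEP2 loading from C:\Windows\system32\6963.tmp, since that file was created two minutes after the Sophos directory, and a DDS stamp of "[?]" is not treated as suspicious on its own because the 32-bit DDS cannot read file details for drivers under System32 on a 64-bit Windows.

```python
"""Added triage helper (example code, not a tool from this thread, DDS or TDSSKiller).
Normalises two log formats seen in this thread into one record shape and applies
the same checks to both. Rule names, field names and heuristics are my own."""
import re
from typing import Dict, List, Optional

# Sample lines excerpted from the logs posted in this thread (not complete listings).
DDS_SERVICES = r"""
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-17 1153368]
S3 COH_Mon;COH_Mon;\??\C:\Windows\system32\Drivers\COH_Mon.sys --> C:\Windows\system32\Drivers\COH_Mon.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\6963.tmp --> C:\Windows\system32\6963.tmp [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
"""
DDS_CREATED = r"""
2011-11-11 14:46:16 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
2011-11-11 14:19:43 6144 ------w- C:\Windows\System32\6963.tmp
2011-11-11 14:17:57 -------- d-----w- C:\Program Files (x86)\Sophos
"""
TDSS_LOG = r"""
07:46:13.0193 3104 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\6963.tmp
07:46:13.0209 3104 MEMSWEEP2 - ok
07:46:13.0303 3104 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:46:13.0303 3104 Modem - ok
07:46:17.0515 3104 SAVRKBootTasks - ok
"""

DDS_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<rest>.*?)\s+\[(?P<stamp>[^\]]*)\]$")
# The image path ends at the first ".ext" followed by whitespace (arguments) or end of line.
PATH_RE = re.compile(r"(?i)^(?P<path>.*?\.[a-z0-9]{1,4})(?:\s.*)?$")
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+(?P<attrs>\S{8})\s+(?P<path>.+)$")
TDSS_FILE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
TDSS_VERDICT_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+) - (?P<verdict>.+)$")

EXPECTED_EXT = {".exe", ".sys", ".dll"}            # my allow-list, not a DDS/TDSSKiller rule
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")


def parse_dds_services(text: str) -> List[Dict[str, Optional[str]]]:
    out = []
    for line in text.splitlines():
        m = DDS_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        if " --> " in rest:                    # DDS prints "registry ImagePath --> resolved path"
            rest = rest.split(" --> ", 1)[1]
        pm = PATH_RE.match(rest)
        out.append({"source": "dds", "name": m.group("name"), "path": pm.group("path") if pm else rest,
                    "verdict": None, "stamp": m.group("stamp")})
    return out


def parse_dds_created(text: str) -> Dict[str, str]:
    """Map lower-cased file path -> creation timestamp; directory entries (attrs start with d) are skipped."""
    created = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and not m.group("attrs").startswith("d"):
            created[m.group("path").lower()] = m.group("ts")
    return created


def parse_tdss(text: str) -> List[Dict[str, Optional[str]]]:
    """Pair each TDSSKiller file line with its verdict line; a verdict with no file line is kept with path None."""
    recs: Dict[str, Dict[str, Optional[str]]] = {}
    for line in text.splitlines():
        fm = TDSS_FILE_RE.match(line.strip())
        if fm:
            recs[fm.group("name")] = {"source": "tdss", "name": fm.group("name"), "path": fm.group("path"),
                                      "verdict": None, "stamp": fm.group("md5")}
            continue
        vm = TDSS_VERDICT_RE.match(line.strip())
        if vm:
            rec = recs.setdefault(vm.group("name"), {"source": "tdss", "name": vm.group("name"),
                                                      "path": None, "verdict": None, "stamp": None})
            rec["verdict"] = vm.group("verdict")
    return list(recs.values())


def triage(records, created: Dict[str, str]) -> List[Dict[str, object]]:
    findings = []
    for rec in records:
        reasons = []
        if rec["path"] is None:
            reasons.append("registered driver/service but the scanner printed no image path or hash")
        else:
            path = rec["path"].lower()
            ext = path[path.rfind("."):] if "." in path else ""
            if ext not in EXPECTED_EXT:
                reasons.append(f"image has unexpected extension {ext!r}")
            if any(tok in path for tok in USER_WRITABLE):
                reasons.append("image lives in a user-writable location")
            if path in created:
                reasons.append(f"image file created {created[path]}, inside the DDS 30-day window")
        if rec["verdict"] not in (None, "ok"):
            reasons.append(f"scanner verdict: {rec['verdict']}")
        # A DDS stamp of "?" alone is not a reason: 32-bit DDS cannot stat drivers under System32 on x64.
        if reasons:
            findings.append({"source": rec["source"], "name": rec["name"], "path": rec["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    created_files = parse_dds_created(DDS_CREATED)
    for f in triage(parse_dds_services(DDS_SERVICES) + parse_tdss(TDSS_LOG), created_files):
        print(f"[{f['source']}] {f['name']}  {f['path']}")
        for reason in f["reasons"]:
            print(f"    - {reason}")
```

Run against the excerpts above it reports MEMSWEEP2 from both logs (a .tmp image that was also created inside the 30-day window) and SAVRKBootTasks from the TDSSKiller log (verdict printed with no file line, while DDS shows a same-named file under SysWow64 rather than System32); COH_Mon, StorSvc, SBSDWSCService and Modem pass. To use it on a full log, paste the whole DDS services block, "Created Last 30" block and TDSSKiller log into the three strings; the path regex assumes no directory name contains a dot followed by a space.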

sapphire69

Thread Starter
Joined
Nov 14, 2011
Messages
24
Good morning, Daniel! Thank you again for your assistance! I ran the TDSS program and no threats were found. Here are the contents of the log.


07:45:42.0243 5496 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
07:45:42.0633 5496 ============================================================
07:45:42.0633 5496 Current date / time: 2011/11/24 07:45:42.0633
07:45:42.0633 5496 SystemInfo:
07:45:42.0633 5496
07:45:42.0633 5496 OS Version: 6.1.7601 ServicePack: 1.0
07:45:42.0633 5496 Product type: Workstation
07:45:42.0633 5496 ComputerName: KMITCHELL-WIN7
07:45:42.0633 5496 UserName: kmitchell
07:45:42.0633 5496 Windows directory: C:\Windows
07:45:42.0633 5496 System windows directory: C:\Windows
07:45:42.0633 5496 Running under WOW64
07:45:42.0633 5496 Processor architecture: Intel x64
07:45:42.0633 5496 Number of processors: 2
07:45:42.0633 5496 Page size: 0x1000
07:45:42.0633 5496 Boot type: Normal boot
07:45:42.0633 5496 ============================================================
07:45:43.0787 5496 Initialize success
07:46:01.0930 3104 ============================================================
07:46:01.0930 3104 Scan started
07:46:01.0930 3104 Mode: Manual;
07:46:01.0930 3104 ============================================================
07:46:05.0752 3104 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
07:46:05.0768 3104 1394ohci - ok
07:46:05.0815 3104 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:46:05.0830 3104 ACPI - ok
07:46:05.0846 3104 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:46:05.0846 3104 AcpiPmi - ok
07:46:05.0908 3104 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
07:46:05.0939 3104 adp94xx - ok
07:46:05.0955 3104 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
07:46:05.0986 3104 adpahci - ok
07:46:06.0017 3104 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
07:46:06.0049 3104 adpu320 - ok
07:46:06.0142 3104 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
07:46:06.0158 3104 AFD - ok
07:46:06.0189 3104 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:46:06.0205 3104 agp440 - ok
07:46:06.0236 3104 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:46:06.0251 3104 aliide - ok
07:46:06.0345 3104 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:46:06.0345 3104 amdide - ok
07:46:06.0361 3104 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
07:46:06.0423 3104 AmdK8 - ok
07:46:06.0439 3104 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
07:46:06.0439 3104 AmdPPM - ok
07:46:06.0501 3104 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
07:46:06.0532 3104 amdsata - ok
07:46:06.0548 3104 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
07:46:06.0548 3104 amdsbs - ok
07:46:06.0579 3104 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
07:46:06.0595 3104 amdxata - ok
07:46:06.0641 3104 ApfiltrService (f41e7c078d07118ef7cbea0a74fa1deb) C:\Windows\system32\DRIVERS\Apfiltr.sys
07:46:06.0641 3104 ApfiltrService - ok
07:46:06.0688 3104 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:46:06.0688 3104 AppID - ok
07:46:06.0797 3104 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
07:46:06.0797 3104 arc - ok
07:46:06.0829 3104 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
07:46:06.0829 3104 arcsas - ok
07:46:06.0860 3104 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:46:06.0907 3104 AsyncMac - ok
07:46:06.0938 3104 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
07:46:06.0953 3104 atapi - ok
07:46:07.0031 3104 athr (8c56e93749ba53a4b645963d3439e01e) C:\Windows\system32\DRIVERS\athrx.sys
07:46:07.0109 3104 athr - ok
07:46:07.0250 3104 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
07:46:07.0297 3104 b06bdrv - ok
07:46:07.0328 3104 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:46:07.0328 3104 b57nd60a - ok
07:46:07.0359 3104 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:46:07.0375 3104 Beep - ok
07:46:07.0421 3104 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
07:46:07.0421 3104 blbdrive - ok
07:46:07.0453 3104 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
07:46:07.0468 3104 bowser - ok
07:46:07.0499 3104 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
07:46:07.0499 3104 BrFiltLo - ok
07:46:07.0515 3104 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
07:46:07.0515 3104 BrFiltUp - ok
07:46:07.0546 3104 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
07:46:07.0562 3104 Brserid - ok
07:46:07.0640 3104 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
07:46:07.0640 3104 BrSerWdm - ok
07:46:07.0655 3104 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:46:07.0687 3104 BrUsbMdm - ok
07:46:07.0702 3104 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
07:46:07.0702 3104 BrUsbSer - ok
07:46:07.0733 3104 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
07:46:07.0733 3104 BTHMODEM - ok
07:46:07.0780 3104 CAXHWAZL (9c4e50bea239e2d45099ec919f779db0) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
07:46:07.0780 3104 CAXHWAZL - ok
07:46:07.0827 3104 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
07:46:07.0843 3104 cdfs - ok
07:46:07.0889 3104 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
07:46:07.0889 3104 cdrom - ok
07:46:07.0921 3104 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
07:46:07.0936 3104 circlass - ok
07:46:07.0983 3104 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
07:46:08.0014 3104 CLFS - ok
07:46:08.0139 3104 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
07:46:08.0155 3104 CmBatt - ok
07:46:08.0170 3104 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
07:46:08.0201 3104 cmdide - ok
07:46:08.0248 3104 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
07:46:08.0264 3104 CNG - ok
07:46:08.0295 3104 CnxtHdAudService (d3c4f72e8f8dc523b02a0c313ceeea99) C:\Windows\system32\drivers\CHDRT64.sys
07:46:08.0311 3104 CnxtHdAudService - ok
07:46:08.0357 3104 COH_Mon (2e1dfcd558b716323152b009b037cc42) C:\Windows\system32\Drivers\COH_Mon.sys
07:46:08.0373 3104 COH_Mon - ok
07:46:08.0420 3104 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
07:46:08.0435 3104 Compbatt - ok
07:46:08.0467 3104 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
07:46:08.0482 3104 CompositeBus - ok
07:46:08.0545 3104 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
07:46:08.0576 3104 crcdisk - ok
07:46:08.0638 3104 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
07:46:08.0654 3104 CSC - ok
07:46:08.0685 3104 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
07:46:08.0685 3104 DfsC - ok
07:46:08.0701 3104 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
07:46:08.0701 3104 discache - ok
07:46:08.0763 3104 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
07:46:08.0779 3104 Disk - ok
07:46:08.0810 3104 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
07:46:08.0810 3104 dmvsc - ok
07:46:08.0935 3104 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
07:46:08.0935 3104 drmkaud - ok
07:46:09.0013 3104 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
07:46:09.0028 3104 DXGKrnl - ok
07:46:09.0137 3104 DzHDD64 (ce4cffd9f64b86bceb1c343fc9924d72) C:\Windows\system32\DRIVERS\DzHDD64.sys
07:46:09.0137 3104 DzHDD64 - ok
07:46:09.0262 3104 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
07:46:09.0309 3104 ebdrv - ok
07:46:09.0418 3104 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
07:46:09.0465 3104 eeCtrl - ok
07:46:09.0590 3104 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
07:46:09.0590 3104 elxstor - ok
07:46:09.0637 3104 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
07:46:09.0637 3104 EraserUtilRebootDrv - ok
07:46:09.0652 3104 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
07:46:09.0652 3104 ErrDev - ok
07:46:09.0699 3104 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:46:09.0699 3104 exfat - ok
07:46:09.0730 3104 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:46:09.0730 3104 fastfat - ok
07:46:09.0793 3104 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
07:46:09.0824 3104 fdc - ok
07:46:09.0917 3104 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:46:09.0964 3104 FileInfo - ok
07:46:09.0980 3104 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:46:09.0980 3104 Filetrace - ok
07:46:10.0011 3104 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
07:46:10.0011 3104 flpydisk - ok
07:46:10.0042 3104 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
07:46:10.0042 3104 FltMgr - ok
07:46:10.0073 3104 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:46:10.0073 3104 FsDepends - ok
07:46:10.0089 3104 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
07:46:10.0089 3104 Fs_Rec - ok
07:46:10.0105 3104 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
07:46:10.0120 3104 fvevol - ok
07:46:10.0136 3104 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
07:46:10.0136 3104 gagp30kx - ok
07:46:10.0167 3104 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
07:46:10.0167 3104 hcw85cir - ok
07:46:10.0214 3104 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
07:46:10.0229 3104 HdAudAddService - ok
07:46:10.0276 3104 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
07:46:10.0276 3104 HDAudBus - ok
07:46:10.0354 3104 HECIx64 (15c9789470b8855ac2f54fdf96802d13) C:\Windows\system32\DRIVERS\HECIx64.sys
07:46:10.0401 3104 HECIx64 - ok
07:46:10.0432 3104 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
07:46:10.0432 3104 HidBatt - ok
07:46:10.0463 3104 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
07:46:10.0463 3104 HidBth - ok
07:46:10.0479 3104 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
07:46:10.0479 3104 HidIr - ok
07:46:10.0526 3104 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
07:46:10.0526 3104 HidUsb - ok
07:46:10.0557 3104 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
07:46:10.0573 3104 HpSAMD - ok
07:46:10.0651 3104 HSF_DPV (5a518b63d408b2dbc1778788456e1a66) C:\Windows\system32\DRIVERS\CAX_DPV.sys
07:46:10.0682 3104 HSF_DPV - ok
07:46:10.0791 3104 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
07:46:10.0807 3104 HTTP - ok
07:46:10.0838 3104 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
07:46:10.0853 3104 hwpolicy - ok
07:46:10.0900 3104 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
07:46:10.0900 3104 i8042prt - ok
07:46:10.0978 3104 iaNvStor (051e73f94f932b5975b6765e3b2f7dc6) C:\Windows\system32\DRIVERS\iaNvStor.sys
07:46:10.0978 3104 iaNvStor - ok
07:46:11.0087 3104 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
07:46:11.0134 3104 iaStor - ok
07:46:11.0197 3104 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
07:46:11.0228 3104 iaStorV - ok
07:46:11.0275 3104 IBMPMDRV (a9bd44426a69079240767fe4aee0ea71) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
07:46:11.0275 3104 IBMPMDRV - ok
07:46:11.0618 3104 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
07:46:11.0930 3104 igfx - ok
07:46:12.0023 3104 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
07:46:12.0055 3104 iirsp - ok
07:46:12.0086 3104 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
07:46:12.0086 3104 intelide - ok
07:46:12.0133 3104 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:46:12.0133 3104 intelppm - ok
07:46:12.0148 3104 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:46:12.0148 3104 IpFilterDriver - ok
07:46:12.0179 3104 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
07:46:12.0179 3104 IPMIDRV - ok
07:46:12.0195 3104 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:46:12.0226 3104 IPNAT - ok
07:46:12.0257 3104 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:46:12.0273 3104 IRENUM - ok
07:46:12.0289 3104 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
07:46:12.0304 3104 isapnp - ok
07:46:12.0335 3104 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
07:46:12.0367 3104 iScsiPrt - ok
07:46:12.0413 3104 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
07:46:12.0429 3104 kbdclass - ok
07:46:12.0523 3104 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
07:46:12.0569 3104 kbdhid - ok
07:46:12.0585 3104 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
07:46:12.0601 3104 KSecDD - ok
07:46:12.0616 3104 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
07:46:12.0647 3104 KSecPkg - ok
07:46:12.0663 3104 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:46:12.0679 3104 ksthunk - ok
07:46:12.0741 3104 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
07:46:12.0741 3104 lenovo.smi - ok
07:46:12.0803 3104 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:46:12.0803 3104 lltdio - ok
07:46:12.0835 3104 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
07:46:12.0835 3104 LSI_FC - ok
07:46:12.0866 3104 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
07:46:12.0866 3104 LSI_SAS - ok
07:46:12.0959 3104 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
07:46:12.0959 3104 LSI_SAS2 - ok
07:46:12.0991 3104 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
07:46:12.0991 3104 LSI_SCSI - ok
07:46:13.0022 3104 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:46:13.0022 3104 luafv - ok
07:46:13.0069 3104 mdmxsdk (fc631425ed761ea1f24738aa15ff5a7d) C:\Windows\system32\DRIVERS\mdmxsdk.sys
07:46:13.0084 3104 mdmxsdk - ok
07:46:13.0100 3104 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
07:46:13.0100 3104 megasas - ok
07:46:13.0131 3104 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
07:46:13.0147 3104 MegaSR - ok
07:46:13.0193 3104 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\6963.tmp
07:46:13.0209 3104 MEMSWEEP2 - ok
07:46:13.0303 3104 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:46:13.0303 3104 Modem - ok
07:46:13.0334 3104 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
07:46:13.0334 3104 monitor - ok
07:46:13.0381 3104 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
07:46:13.0381 3104 mouclass - ok
07:46:13.0427 3104 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
07:46:13.0427 3104 mouhid - ok
07:46:13.0443 3104 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
07:46:13.0474 3104 mountmgr - ok
07:46:13.0490 3104 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
07:46:13.0490 3104 mpio - ok
07:46:13.0521 3104 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
07:46:13.0537 3104 mpsdrv - ok
07:46:13.0568 3104 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
07:46:13.0568 3104 MRxDAV - ok
07:46:13.0599 3104 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:46:13.0615 3104 mrxsmb - ok
07:46:13.0708 3104 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:46:13.0708 3104 mrxsmb10 - ok
07:46:13.0739 3104 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:46:13.0739 3104 mrxsmb20 - ok
07:46:13.0771 3104 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
07:46:13.0771 3104 msahci - ok
07:46:13.0802 3104 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
07:46:13.0864 3104 msdsm - ok
07:46:13.0895 3104 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
07:46:13.0895 3104 Msfs - ok
07:46:13.0927 3104 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
07:46:13.0942 3104 mshidkmdf - ok
07:46:13.0958 3104 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
07:46:13.0958 3104 msisadrv - ok
07:46:14.0005 3104 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
07:46:14.0020 3104 MSKSSRV - ok
07:46:14.0020 3104 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
07:46:14.0036 3104 MSPCLOCK - ok
07:46:14.0036 3104 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
07:46:14.0051 3104 MSPQM - ok
07:46:14.0098 3104 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
07:46:14.0098 3104 MsRPC - ok
07:46:14.0114 3104 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
07:46:14.0114 3104 mssmbios - ok
07:46:14.0192 3104 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
07:46:14.0192 3104 MSTEE - ok
07:46:14.0207 3104 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
07:46:14.0207 3104 MTConfig - ok
07:46:14.0239 3104 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
07:46:14.0254 3104 Mup - ok
07:46:14.0301 3104 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
07:46:14.0301 3104 NativeWifiP - ok
07:46:14.0441 3104 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111123.036\ENG64.SYS
07:46:14.0441 3104 NAVENG - ok
07:46:14.0535 3104 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111123.036\EX64.SYS
07:46:14.0566 3104 NAVEX15 - ok
07:46:14.0707 3104 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
07:46:14.0722 3104 NDIS - ok
07:46:14.0753 3104 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
07:46:14.0753 3104 NdisCap - ok
07:46:14.0785 3104 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
07:46:14.0816 3104 NdisTapi - ok
07:46:14.0847 3104 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
07:46:14.0847 3104 Ndisuio - ok
07:46:14.0863 3104 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
07:46:14.0863 3104 NdisWan - ok
07:46:14.0878 3104 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
07:46:14.0878 3104 NDProxy - ok
07:46:14.0909 3104 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:46:14.0941 3104 NetBIOS - ok
07:46:15.0034 3104 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
07:46:15.0034 3104 NetBT - ok
07:46:15.0097 3104 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
07:46:15.0097 3104 nfrd960 - ok
07:46:15.0128 3104 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:46:15.0143 3104 Npfs - ok
07:46:15.0175 3104 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:46:15.0190 3104 nsiproxy - ok
07:46:15.0268 3104 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
07:46:15.0315 3104 Ntfs - ok
07:46:15.0409 3104 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:46:15.0409 3104 Null - ok
07:46:15.0440 3104 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
07:46:15.0471 3104 nvraid - ok
07:46:15.0518 3104 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
07:46:15.0518 3104 nvstor - ok
07:46:15.0549 3104 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:46:15.0580 3104 nv_agp - ok
07:46:15.0627 3104 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:46:15.0658 3104 ohci1394 - ok
07:46:15.0721 3104 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
07:46:15.0736 3104 Parport - ok
07:46:15.0767 3104 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
07:46:15.0767 3104 partmgr - ok
07:46:15.0783 3104 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:46:15.0799 3104 pci - ok
07:46:15.0799 3104 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:46:15.0799 3104 pciide - ok
07:46:15.0830 3104 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:46:15.0861 3104 pcmcia - ok
07:46:15.0939 3104 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:46:15.0939 3104 pcw - ok
07:46:15.0970 3104 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:46:16.0017 3104 PEAUTH - ok
07:46:16.0142 3104 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:46:16.0157 3104 PptpMiniport - ok
07:46:16.0173 3104 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
07:46:16.0204 3104 Processor - ok
07:46:16.0267 3104 psadd (4a768fb063a38b0a78ad97617d3a04f5) C:\Windows\system32\DRIVERS\psadd.sys
07:46:16.0267 3104 psadd - ok
07:46:16.0298 3104 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:46:16.0313 3104 Psched - ok
07:46:16.0485 3104 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
07:46:16.0547 3104 ql2300 - ok
07:46:16.0579 3104 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
07:46:16.0579 3104 ql40xx - ok
07:46:16.0610 3104 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:46:16.0641 3104 QWAVEdrv - ok
07:46:16.0672 3104 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:46:16.0672 3104 RasAcd - ok
07:46:16.0735 3104 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:46:16.0766 3104 RasAgileVpn - ok
07:46:16.0844 3104 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:46:16.0844 3104 Rasl2tp - ok
07:46:16.0875 3104 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:46:16.0906 3104 RasPppoe - ok
07:46:16.0937 3104 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:46:16.0953 3104 RasSstp - ok
07:46:16.0984 3104 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:46:16.0984 3104 rdbss - ok
07:46:17.0000 3104 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:46:17.0015 3104 rdpbus - ok
07:46:17.0031 3104 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:46:17.0047 3104 RDPCDD - ok
07:46:17.0093 3104 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
07:46:17.0109 3104 RDPDR - ok
07:46:17.0140 3104 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:46:17.0156 3104 RDPENCDD - ok
07:46:17.0187 3104 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:46:17.0187 3104 RDPREFMP - ok
07:46:17.0203 3104 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
07:46:17.0203 3104 RDPWD - ok
07:46:17.0249 3104 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:46:17.0249 3104 rdyboost - ok
07:46:17.0312 3104 rimmptsk (f45d6e12eb99a668f52201637c67c8f5) C:\Windows\system32\DRIVERS\rimmpx64.sys
07:46:17.0312 3104 rimmptsk - ok
07:46:17.0359 3104 rimsptsk (eac02ed935a9c1f2ddd8d985c465b854) C:\Windows\system32\DRIVERS\rimspx64.sys
07:46:17.0359 3104 rimsptsk - ok
07:46:17.0390 3104 rismxdp (931a8f843b4120df527c3684daf77fd9) C:\Windows\system32\DRIVERS\rixdpx64.sys
07:46:17.0390 3104 rismxdp - ok
07:46:17.0468 3104 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:46:17.0468 3104 rspndr - ok
07:46:17.0499 3104 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
07:46:17.0499 3104 s3cap - ok
07:46:17.0515 3104 SAVRKBootTasks - ok
07:46:17.0561 3104 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:46:17.0561 3104 sbp2port - ok
07:46:17.0608 3104 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:46:17.0608 3104 scfilter - ok
07:46:17.0686 3104 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
07:46:17.0733 3104 sdbus - ok
07:46:17.0811 3104 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:46:17.0811 3104 secdrv - ok
07:46:17.0858 3104 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
07:46:17.0858 3104 Serenum - ok
07:46:17.0905 3104 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
07:46:17.0905 3104 Serial - ok
07:46:17.0936 3104 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
07:46:17.0936 3104 sermouse - ok
07:46:17.0983 3104 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:46:17.0998 3104 sffdisk - ok
07:46:18.0014 3104 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:46:18.0029 3104 sffp_mmc - ok
07:46:18.0045 3104 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:46:18.0045 3104 sffp_sd - ok
07:46:18.0061 3104 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
07:46:18.0061 3104 sfloppy - ok
07:46:18.0139 3104 Shockprf (c3f190562fe82efda7ccef305ebad3e3) C:\Windows\system32\DRIVERS\Apsx64.sys
07:46:18.0185 3104 Shockprf - ok
07:46:18.0232 3104 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
07:46:18.0248 3104 SiSRaid2 - ok
07:46:18.0263 3104 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
07:46:18.0326 3104 SiSRaid4 - ok
07:46:18.0357 3104 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:46:18.0357 3104 Smb - ok
07:46:18.0419 3104 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:46:18.0435 3104 spldr - ok
07:46:18.0497 3104 SRTSP (c0691f43ea87761b67df6384cfc30b8d) C:\Windows\system32\Drivers\SRTSP64.SYS
07:46:18.0497 3104 SRTSP - ok
07:46:18.0529 3104 SRTSPL (b0304f6120848db7d7709843e2294705) C:\Windows\system32\Drivers\SRTSPL64.SYS
07:46:18.0544 3104 SRTSPL - ok
07:46:18.0575 3104 SRTSPX (165fde7386d792efac992eea34d03bc1) C:\Windows\system32\Drivers\SRTSPX64.SYS
07:46:18.0575 3104 SRTSPX - ok
07:46:18.0638 3104 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:46:18.0669 3104 srv - ok
07:46:18.0700 3104 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:46:18.0716 3104 srv2 - ok
07:46:18.0763 3104 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
07:46:18.0763 3104 SrvHsfHDA - ok
07:46:18.0809 3104 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
07:46:18.0841 3104 SrvHsfV92 - ok
07:46:18.0887 3104 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
07:46:18.0919 3104 SrvHsfWinac - ok
07:46:18.0965 3104 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:46:18.0997 3104 srvnet - ok
07:46:19.0043 3104 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
07:46:19.0075 3104 stexstor - ok
07:46:19.0137 3104 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
07:46:19.0137 3104 storflt - ok
07:46:19.0184 3104 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
07:46:19.0184 3104 storvsc - ok
07:46:19.0231 3104 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
07:46:19.0231 3104 swenum - ok
07:46:19.0293 3104 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
07:46:19.0293 3104 SymEvent - ok
07:46:19.0465 3104 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
07:46:19.0511 3104 Tcpip - ok
07:46:19.0589 3104 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
07:46:19.0621 3104 TCPIP6 - ok
07:46:19.0652 3104 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:46:19.0652 3104 tcpipreg - ok
07:46:19.0683 3104 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:46:19.0699 3104 TDPIPE - ok
07:46:19.0714 3104 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
07:46:19.0714 3104 TDTCP - ok
07:46:19.0777 3104 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:46:19.0823 3104 tdx - ok
07:46:19.0855 3104 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
07:46:19.0870 3104 TermDD - ok
07:46:19.0917 3104 TPDIGIMN (1bb77eccbfa3675b1ee8d6d6d37a1e1e) C:\Windows\system32\DRIVERS\ApsHM64.sys
07:46:19.0917 3104 TPDIGIMN - ok
07:46:19.0995 3104 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
07:46:19.0995 3104 TPM - ok
07:46:20.0042 3104 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys
07:46:20.0073 3104 TPPWRIF - ok
07:46:20.0182 3104 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:46:20.0213 3104 tssecsrv - ok
07:46:20.0245 3104 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:46:20.0276 3104 TsUsbFlt - ok
07:46:20.0291 3104 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
07:46:20.0307 3104 TsUsbGD - ok
07:46:20.0354 3104 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:46:20.0369 3104 tunnel - ok
07:46:20.0401 3104 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
07:46:20.0416 3104 uagp35 - ok
07:46:20.0463 3104 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:46:20.0479 3104 udfs - ok
07:46:20.0510 3104 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:46:20.0541 3104 uliagpkx - ok
07:46:20.0572 3104 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
07:46:20.0603 3104 umbus - ok
07:46:20.0619 3104 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
07:46:20.0635 3104 UmPass - ok
07:46:20.0681 3104 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
07:46:20.0681 3104 usbccgp - ok
07:46:20.0744 3104 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:46:20.0744 3104 usbcir - ok
07:46:20.0775 3104 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
07:46:20.0775 3104 usbehci - ok
07:46:20.0822 3104 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
07:46:20.0869 3104 usbhub - ok
07:46:20.0900 3104 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
07:46:20.0915 3104 usbohci - ok
07:46:20.0931 3104 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
07:46:20.0931 3104 usbprint - ok
07:46:20.0978 3104 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:46:20.0993 3104 USBSTOR - ok
07:46:21.0025 3104 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
07:46:21.0025 3104 usbuhci - ok
07:46:21.0071 3104 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:46:21.0087 3104 vdrvroot - ok
07:46:21.0103 3104 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:46:21.0118 3104 vga - ok
07:46:21.0149 3104 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:46:21.0149 3104 VgaSave - ok
07:46:21.0181 3104 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:46:21.0181 3104 vhdmp - ok
07:46:21.0243 3104 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:46:21.0243 3104 viaide - ok
07:46:21.0274 3104 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
07:46:21.0305 3104 vmbus - ok
07:46:21.0321 3104 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
07:46:21.0337 3104 VMBusHID - ok
07:46:21.0368 3104 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:46:21.0368 3104 volmgr - ok
07:46:21.0399 3104 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:46:21.0399 3104 volmgrx - ok
07:46:21.0446 3104 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:46:21.0477 3104 volsnap - ok
07:46:21.0555 3104 vpnva (e526a69d932538ae8bc96b3f4a5a90b1) C:\Windows\system32\DRIVERS\vpnva64.sys
07:46:21.0586 3104 vpnva - ok
07:46:21.0602 3104 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
07:46:21.0649 3104 vsmraid - ok
07:46:21.0680 3104 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
07:46:21.0695 3104 vwifibus - ok
07:46:21.0742 3104 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
07:46:21.0758 3104 vwififlt - ok
07:46:21.0805 3104 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
07:46:21.0805 3104 WacomPen - ok
07:46:21.0851 3104 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:46:21.0851 3104 WANARP - ok
07:46:21.0867 3104 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:46:21.0867 3104 Wanarpv6 - ok
07:46:21.0945 3104 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
07:46:21.0945 3104 Wd - ok
07:46:21.0992 3104 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
07:46:21.0992 3104 WDC_SAM - ok
07:46:22.0039 3104 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:46:22.0085 3104 Wdf01000 - ok
07:46:22.0195 3104 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:46:22.0210 3104 WfpLwf - ok
07:46:22.0226 3104 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:46:22.0257 3104 WIMMount - ok
07:46:22.0304 3104 winachsf (7387ce6730baab8254da0ce3776a4b28) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
07:46:22.0304 3104 winachsf - ok
07:46:22.0397 3104 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
07:46:22.0397 3104 WmiAcpi - ok
07:46:22.0444 3104 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:46:22.0460 3104 ws2ifsl - ok
07:46:22.0569 3104 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:46:22.0585 3104 WudfPf - ok
07:46:22.0616 3104 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:46:22.0616 3104 WUDFRd - ok
07:46:22.0663 3104 XAudio (9907bc1cc78c37073ac78a4541710b61) C:\Windows\system32\DRIVERS\XAudio64.sys
07:46:22.0663 3104 XAudio - ok
07:46:22.0725 3104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:46:22.0725 3104 \Device\Harddisk0\DR0 - ok
07:46:22.0741 3104 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR18
07:46:22.0741 3104 \Device\Harddisk1\DR18 - ok
07:46:22.0741 3104 Boot (0x1200) (592d24ca9b64e889e93be5695a4bb97b) \Device\Harddisk0\DR0\Partition0
07:46:22.0741 3104 \Device\Harddisk0\DR0\Partition0 - ok
07:46:22.0756 3104 Boot (0x1200) (ca789749f408115a52914f9c90a1e750) \Device\Harddisk0\DR0\Partition1
07:46:22.0756 3104 \Device\Harddisk0\DR0\Partition1 - ok
07:46:22.0772 3104 Boot (0x1200) (d149577f68b48ece24e3d56f252de7c5) \Device\Harddisk1\DR18\Partition0
07:46:22.0772 3104 \Device\Harddisk1\DR18\Partition0 - ok
07:46:22.0772 3104 ============================================================
07:46:22.0772 3104 Scan finished
07:46:22.0772 3104 ============================================================
07:46:22.0787 4264 Detected object count: 0
07:46:22.0787 4264 Actual detected object count: 0
 
Joined
Aug 9, 2011
Messages
808
Hi there,

In this next post I want you to run a couple of extra scans for me.


Please download and scan with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
You can use this thread as a guide.

Please include the C:\ComboFix.txt in your next reply for further review.



Please download mbrfix.exe from here --> Download

Scroll down to locate mbrfix.exe and in the lower right corner of the tool info, you'll see the Download link. It's important that you save it directly to the C:\ drive and extract it to that same location.



Please press the Windows key + R and type notepad into the Run box.
Copy/paste the entire contents of the code box below into Notepad:

Code:
@echo off
rem Work from the root of the C: drive, where mbrfix was extracted
cd \
rem Save a copy of the MBR of disk 0 to a file named MBRlook
mbrfix64.exe /drive 0 savembr MBRlook
rem Pack that file as mbrlook.zip on the Desktop (needs a command-line zip tool on the PATH)
zip "%userprofile%\desktop\mbrlook" mbrlook
rem Delete this batch file once it has run
del %0
  • Now on the top of the window choose File --> Save as
  • Into the Save as line type in mbr.bat
  • Change the Save as type to All Files (*.*)
  • Save it on your Desktop.

    It should look like this

  • Run the mbr.bat

This batch file will create a mbrlook.zip file on your desktop. Please attach this in your next reply.



Please post in your next reply
Combofix.txt
MBRlook.zip ( attached )
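For readers who want to see what an analyst does with a dump like the one the batch file above produces, here is an added example (it is not part of the original post and not part of mbrfix or TDSSKiller). It reads a raw 512-byte MBR image, parses the partition table, hashes the boot-code region (the first 0x1B8 bytes, which is the size shown in the "MBR (0x1B8)" lines of the TDSSKiller log earlier in this thread) and reports anything that looks off, including a mismatch against a reference hash such as the one another scanner reported. The sample sector, the file name and the reference value used here are constructed for the example.

```python
"""Inspect a raw 512-byte MBR dump (for example the 'MBRlook' file written by
mbrfix savembr) and compare its boot-code hash with a reference value."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8    # boot code occupies bytes 0x000..0x1B7
DISK_SIG_OFF = 0x1B8     # 4-byte NT disk signature follows the boot code
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE    # boot signature 0x55 0xAA closes the sector


def parse_mbr(mbr: bytes) -> dict:
    """Split a raw MBR into its fields and hash the boot-code region."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:  # unused slot
            continue
        partitions.append({"index": i, "status": status, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "signature_ok": mbr[SIGNATURE_OFF:SIGNATURE_OFF + 2] == b"\x55\xAA",
        "partitions": partitions,
    }


def check_mbr(info: dict, reference_md5=None) -> list:
    """Return human-readable findings; an empty list means nothing odd was seen."""
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected exactly 1)")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02X}")
    if reference_md5 and info["boot_code_md5"] != reference_md5.lower():
        findings.append("boot code hash differs from the reference value; "
                        "the two tools are not seeing the same sector")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample sector (not a real disk image): one bootable NTFS
    partition, one non-bootable NTFS partition, two empty slots."""
    boot_code = bytes([0xEB, 0x63, 0x90]) + b"\x90" * (BOOT_CODE_LEN - 3)
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    entry2 = struct.pack("<B3sB3sII", 0x00, b"\xFE\xFF\xFF", 0x07, b"\xFE\xFF\xFF", 206848, 1000000)
    empty = b"\x00" * 16
    return boot_code + disk_sig + entry1 + entry2 + empty + empty + b"\x55\xAA"


if __name__ == "__main__":
    import sys
    # usage: python mbr_check.py [MBRlook-file] [reference-md5]
    data = open(sys.argv[1], "rb").read()[:MBR_SIZE] if len(sys.argv) > 1 else build_sample_mbr()
    reference = sys.argv[2] if len(sys.argv) > 2 else None
    result = parse_mbr(data)
    print(f"boot code md5 : {result['boot_code_md5']}")
    print(f"disk signature: 0x{result['disk_signature']:08X}")
    for p in result["partitions"]:
        print(f"  part {p['index']}: type 0x{p['type']:02X} start {p['lba_start']} "
              f"sectors {p['sectors']} bootable={p['bootable']}")
    for line in check_mbr(result, reference):
        print("FINDING:", line)
```

Run it with the path of the saved MBR file and, as a second argument, the hash another scanner printed for the same disk; a differing hash means the scanner and the user-mode dump did not read the same bytes, which is exactly the situation a helper wants to know about before deciding how to proceed.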
 

sapphire69

Thread Starter
Joined
Nov 14, 2011
Messages
24
Hi Daniel!

I have attempted more than once to run the ComboFix and I'm unable to do so. I was able to download it to my desktop but when I run it, it goes through the extraction and then it doesn't do anything at all.

I will wait for further instruction from you.
 
Joined
Aug 9, 2011
Messages
808
Hi there,
please move on with MBRFix.exe

Note: If the MBRLook.zip has not been created on your desktop, please look in C: for a file mbrlook ( does not have an extension ), rightclick --> send to --> Compressed (Zipped) Folder

and attach this .zip file in your next reply :)
 

sapphire69

Thread Starter
Joined
Nov 14, 2011
Messages
24
Hi Daniel! Thank you so much for staying with me! Apparently, I didn't wait long enough for the Combo Fix to start but, after getting a warning that Symantec Endpoint was still running, it went ahead and ran. Here is the resulting log. It took a VERY long time!

I have also attached the MBR zip file, although the window said no batch file was found.

I will wait to hear from you before doing anything further.



ComboFix 11-11-24.01 - kmitchell 11/24/2011 17:38:22.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3992.2373 [GMT -5:00]
Running from: c:\users\kmitchell\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LP
c:\program files (x86)\LP\1D83\186.exe
c:\program files (x86)\LP\1D83\24D7.tmp
c:\program files (x86)\LP\1D83\9784.tmp
c:\program files (x86)\LP\1D83\D965.tmp
C:\Skype
c:\skype\{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}\Skype.msi
c:\skype\Apps\pcj\assets\promotions\content_ar.json
c:\skype\Apps\pcj\assets\promotions\content_bg.json
c:\skype\Apps\pcj\assets\promotions\content_cs.json
c:\skype\Apps\pcj\assets\promotions\content_da.json
c:\skype\Apps\pcj\assets\promotions\content_de.json
c:\skype\Apps\pcj\assets\promotions\content_el.json
c:\skype\Apps\pcj\assets\promotions\content_es.json
c:\skype\Apps\pcj\assets\promotions\content_fi.json
c:\skype\Apps\pcj\assets\promotions\content_fr.json
c:\skype\Apps\pcj\assets\promotions\content_he.json
c:\skype\Apps\pcj\assets\promotions\content_hu.json
c:\skype\Apps\pcj\assets\promotions\content_id.json
c:\skype\Apps\pcj\assets\promotions\content_it.json
c:\skype\Apps\pcj\assets\promotions\content_ja.json
c:\skype\Apps\pcj\assets\promotions\content_ko.json
c:\skype\Apps\pcj\assets\promotions\content_lt.json
c:\skype\Apps\pcj\assets\promotions\content_lv.json
c:\skype\Apps\pcj\assets\promotions\content_nl.json
c:\skype\Apps\pcj\assets\promotions\content_no.json
c:\skype\Apps\pcj\assets\promotions\content_pl.json
c:\skype\Apps\pcj\assets\promotions\content_pt-BR.json
c:\skype\Apps\pcj\assets\promotions\content_pt.json
c:\skype\Apps\pcj\assets\promotions\content_ro.json
c:\skype\Apps\pcj\assets\promotions\content_ru.json
c:\skype\Apps\pcj\assets\promotions\content_sv.json
c:\skype\Apps\pcj\assets\promotions\content_tr.json
c:\skype\Apps\pcj\assets\promotions\content_uk.json
c:\skype\Apps\pcj\assets\promotions\content_vi.json
c:\skype\Apps\pcj\assets\promotions\content_zh-Hans.json
c:\skype\Apps\pcj\assets\promotions\content_zh-Hant.json
c:\skype\Apps\pcj\i\css\main.css
c:\skype\Apps\pcj\i\images\backgrounds\avatar-bg-98x98.png
c:\skype\Apps\pcj\i\images\backgrounds\clouds.png
c:\skype\Apps\pcj\i\images\backgrounds\clouds32.png
c:\skype\Apps\pcj\i\images\backgrounds\header-gradient.png
c:\skype\Apps\pcj\i\images\buttons\16_button.png
c:\skype\Apps\pcj\i\images\buttons\16_button_gray.gif
c:\skype\Apps\pcj\i\images\buttons\16_button_gray_group.gif
c:\skype\Apps\pcj\i\images\buttons\16_button_gray_group.png
c:\skype\Apps\pcj\i\images\buttons\16_call_button.gif
c:\skype\Apps\pcj\i\images\buttons\16_call_button.png
c:\skype\Apps\pcj\i\images\buttons\25_add_button.gif
c:\skype\Apps\pcj\i\images\buttons\25_add_button.png
c:\skype\Apps\pcj\i\images\buttons\25_button.png
c:\skype\Apps\pcj\i\images\buttons\25_button_gray.gif
c:\skype\Apps\pcj\i\images\buttons\25_buttongroup_green_split.gif
c:\skype\Apps\pcj\i\images\buttons\25_buttongroup_green_split.png
c:\skype\Apps\pcj\i\images\buttons\25_buttongroup_split.gif
c:\skype\Apps\pcj\i\images\buttons\25_buttongroup_split.png
c:\skype\Apps\pcj\i\images\buttons\25_green_button.gif
c:\skype\Apps\pcj\i\images\buttons\25_green_button.png
c:\skype\Apps\pcj\i\images\buttons\25_home_button.gif
c:\skype\Apps\pcj\i\images\buttons\25_home_button.png
c:\skype\Apps\pcj\i\images\buttons\25_roundbutton.png
c:\skype\Apps\pcj\i\images\buttons\25_roundbutton_gray.gif
c:\skype\Apps\pcj\i\images\buttons\close.gif
c:\skype\Apps\pcj\i\images\buttons\close.png
c:\skype\Apps\pcj\i\images\buttons\input_clear.png
c:\skype\Apps\pcj\i\images\buttons\toggle_contacts.png
c:\skype\Apps\pcj\i\images\buttons\toggle_contacts_32.png
c:\skype\Apps\pcj\i\images\profile-96x96.png
c:\skype\Apps\pcj\i\images\promotions\callquality-illustration.png
c:\skype\Apps\pcj\i\images\promotions\success-illustration.png
c:\skype\Apps\pcj\i\images\skypeout-96x96.png
c:\skype\Apps\pcj\i\images\spinner.gif
c:\skype\Apps\pcj\i\js\config.js
c:\skype\Apps\pcj\i\js\core.js
c:\skype\Apps\pcj\i\js\languages\ar.js
c:\skype\Apps\pcj\i\js\languages\bg.js
c:\skype\Apps\pcj\i\js\languages\cs.js
c:\skype\Apps\pcj\i\js\languages\da.js
c:\skype\Apps\pcj\i\js\languages\de.js
c:\skype\Apps\pcj\i\js\languages\el.js
c:\skype\Apps\pcj\i\js\languages\en.js
c:\skype\Apps\pcj\i\js\languages\es.js
c:\skype\Apps\pcj\i\js\languages\et.js
c:\skype\Apps\pcj\i\js\languages\fi.js
c:\skype\Apps\pcj\i\js\languages\fr.js
c:\skype\Apps\pcj\i\js\languages\he.js
c:\skype\Apps\pcj\i\js\languages\hu.js
c:\skype\Apps\pcj\i\js\languages\id.js
c:\skype\Apps\pcj\i\js\languages\it.js
c:\skype\Apps\pcj\i\js\languages\ja.js
c:\skype\Apps\pcj\i\js\languages\ko.js
c:\skype\Apps\pcj\i\js\languages\lt.js
c:\skype\Apps\pcj\i\js\languages\lv.js
c:\skype\Apps\pcj\i\js\languages\nl.js
c:\skype\Apps\pcj\i\js\languages\no.js
c:\skype\Apps\pcj\i\js\languages\pl.js
c:\skype\Apps\pcj\i\js\languages\pt-BR.js
c:\skype\Apps\pcj\i\js\languages\pt.js
c:\skype\Apps\pcj\i\js\languages\ro.js
c:\skype\Apps\pcj\i\js\languages\ru.js
c:\skype\Apps\pcj\i\js\languages\sv.js
c:\skype\Apps\pcj\i\js\languages\tr.js
c:\skype\Apps\pcj\i\js\languages\uk.js
c:\skype\Apps\pcj\i\js\languages\vi.js
c:\skype\Apps\pcj\i\js\languages\zh-Hans.js
c:\skype\Apps\pcj\i\js\languages\zh-Hant.js
c:\skype\Apps\pcj\index.html
c:\skype\Apps\skypehome\i\images\alert_expanded_bg_1x4.png
c:\skype\Apps\skypehome\i\images\avatarview\Add_80x16_x3.png
c:\skype\Apps\skypehome\i\images\avatarview\AvatarPlaceholder_98x98.png
c:\skype\Apps\skypehome\i\images\avatarview\AvatarShadow_98x98.png
c:\skype\Apps\skypehome\i\images\avatarview\ButtonBackground_72x38.png
c:\skype\Apps\skypehome\i\images\avatarview\CallEnd_32x32_x3.png
c:\skype\Apps\skypehome\i\images\avatarview\CallStart_32x32_x3.png
c:\skype\Apps\skypehome\i\images\avatarview\Message_32x32_x3.png
c:\skype\Apps\skypehome\i\images\bg_1x4_x1.png
c:\skype\Apps\skypehome\i\images\Bubbles-rtl_10x9_x2.png
c:\skype\Apps\skypehome\i\images\Bubbles_10x9_x2.png
c:\skype\Apps\skypehome\i\images\button_16_left.png
c:\skype\Apps\skypehome\i\images\button_16_right.png
c:\skype\Apps\skypehome\i\images\Button_50x16_x5.png
c:\skype\Apps\skypehome\i\images\buttons\25_button.png
c:\skype\Apps\skypehome\i\images\buttons\25_button_blue.png
c:\skype\Apps\skypehome\i\images\buttons\25_button_light_blue.png
c:\skype\Apps\skypehome\i\images\buttons\32_button.png
c:\skype\Apps\skypehome\i\images\buttons\buttons.png
c:\skype\Apps\skypehome\i\images\Close_16x16_x3.png
c:\skype\Apps\skypehome\i\images\Connecting_40x40_x36_anim.gif
c:\skype\Apps\skypehome\i\images\education-bar-bg.png
c:\skype\Apps\skypehome\i\images\fancybox\blank.gif
c:\skype\Apps\skypehome\i\images\fancybox\fancy_close.png
c:\skype\Apps\skypehome\i\images\fancybox\fancy_loading.png
c:\skype\Apps\skypehome\i\images\fancybox\fancy_nav_left.png
c:\skype\Apps\skypehome\i\images\fancybox\fancy_nav_right.png
c:\skype\Apps\skypehome\i\images\fancybox\fancy_shadow_e.png
c:\skype\Apps\skypehome\i\images\fancybox\fancy_shadow_n.png
c:\skype\Apps\skypehome\i\images\fancybox\fancy_shadow_ne.png
c:\skype\Apps\skypehome\i\images\fancybox\fancy_shadow_nw.png
c:\skype\Apps\skypehome\i\images\fancybox\fancy_shadow_s.png
c:\skype\Apps\skypehome\i\images\fancybox\fancy_shadow_se.png
c:\skype\Apps\skypehome\i\images\fancybox\fancy_shadow_sw.png
c:\skype\Apps\skypehome\i\images\fancybox\fancy_shadow_w.png
c:\skype\Apps\skypehome\i\images\fancybox\fancy_title_left.png
c:\skype\Apps\skypehome\i\images\fancybox\fancy_title_main.png
c:\skype\Apps\skypehome\i\images\fancybox\fancy_title_over.png
c:\skype\Apps\skypehome\i\images\fancybox\fancy_title_right.png
c:\skype\Apps\skypehome\i\images\fancybox\fancybox-x.png
c:\skype\Apps\skypehome\i\images\fancybox\fancybox-y.png
c:\skype\Apps\skypehome\i\images\fancybox\fancybox.png
c:\skype\Apps\skypehome\i\images\feedSettings_expanded_bg_1x4.png
c:\skype\Apps\skypehome\i\images\Movie_16x16_x3.png
c:\skype\Apps\skypehome\i\images\myselfPanel_bg_1x36.png
c:\skype\Apps\skypehome\i\images\partners85.png
c:\skype\Apps\skypehome\i\images\Settings_16x16_x5.png
c:\skype\Apps\skypehome\i\images\Settings_30x16_x5.png
c:\skype\Apps\skypehome\i\images\Share_45x16_x3.png
c:\skype\Apps\skypehome\i\images\Switch_22x13_x4.png
c:\skype\Apps\skypehome\i\images\Switch_22x13_x4_disabled.png
c:\skype\Apps\skypehome\i\images\Textarea-b_557x3_x1.png
c:\skype\Apps\skypehome\i\images\Textarea-t_557x3_x2.png
c:\skype\Apps\skypehome\i\images\Video_mood_16x16_x5.png
c:\skype\Apps\skypehome\i\images\ViewSwtich-l-selected_76x80_x5.png
c:\skype\Apps\skypehome\i\images\ViewSwtich-l-unselected_76x80_x5.png
c:\skype\Apps\skypehome\i\images\ViewSwtich-r-selected_58x80_x5.png
c:\skype\Apps\skypehome\i\images\ViewSwtich-r-unselected_58x80_x5.png
c:\skype\Apps\skypehome\i\languages\ar.json
c:\skype\Apps\skypehome\i\languages\bg.json
c:\skype\Apps\skypehome\i\languages\cs.json
c:\skype\Apps\skypehome\i\languages\da.json
c:\skype\Apps\skypehome\i\languages\de.json
c:\skype\Apps\skypehome\i\languages\el.json
c:\skype\Apps\skypehome\i\languages\en.json
c:\skype\Apps\skypehome\i\languages\es.json
c:\skype\Apps\skypehome\i\languages\et.json
c:\skype\Apps\skypehome\i\languages\fi.json
c:\skype\Apps\skypehome\i\languages\fr.json
c:\skype\Apps\skypehome\i\languages\he.json
c:\skype\Apps\skypehome\i\languages\hu.json
c:\skype\Apps\skypehome\i\languages\id.json
c:\skype\Apps\skypehome\i\languages\it.json
c:\skype\Apps\skypehome\i\languages\ja.json
c:\skype\Apps\skypehome\i\languages\ko.json
c:\skype\Apps\skypehome\i\languages\lt.json
c:\skype\Apps\skypehome\i\languages\lv.json
c:\skype\Apps\skypehome\i\languages\nl.json
c:\skype\Apps\skypehome\i\languages\no.json
c:\skype\Apps\skypehome\i\languages\pl.json
c:\skype\Apps\skypehome\i\languages\pt-br.json
c:\skype\Apps\skypehome\i\languages\pt.json
c:\skype\Apps\skypehome\i\languages\ro.json
c:\skype\Apps\skypehome\i\languages\rtl.css
c:\skype\Apps\skypehome\i\languages\ru.json
c:\skype\Apps\skypehome\i\languages\sv.json
c:\skype\Apps\skypehome\i\languages\tr.json
c:\skype\Apps\skypehome\i\languages\uk.json
c:\skype\Apps\skypehome\i\languages\vi.json
c:\skype\Apps\skypehome\i\languages\zh-Hans.json
c:\skype\Apps\skypehome\i\languages\zh-Hant.json
c:\skype\Apps\skypehome\i\production\combined.css
c:\skype\Apps\skypehome\i\production\combined.js
c:\skype\Apps\skypehome\i\production\jquery-1.4.3.min.js
c:\skype\Apps\skypehome\index.html
c:\users\kmitchell\AppData\Roaming\304BF
c:\users\kmitchell\AppData\Roaming\304BF\9FD1D.exe
c:\users\kmitchell\AppData\Roaming\304BF\F649.04B
c:\users\kmitchell\AppData\Roaming\dwme.exe
c:\users\kmitchell\AppData\Roaming\XgTZZjjCwkIrO
c:\users\kmitchell\AppData\Roaming\XgTZZjjCwkIrO\Cloud AV 2012.ico
.
.
((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 23:43 . 2011-11-24 23:43 -------- d-----w- c:\users\kmitchell\AppData\Roaming\SJ7dEqhYXkVlBz0
2011-11-24 23:43 . 2011-11-24 23:43 -------- d-----w- c:\users\kmitchell\AppData\Roaming\PcA1ivD2oFpHsJd
2011-11-24 23:38 . 2011-11-24 23:38 -------- d-----w- c:\users\setup\AppData\Local\temp
2011-11-24 23:38 . 2011-11-24 23:38 -------- d-----w- c:\users\jstouffer\AppData\Local\temp
2011-11-24 23:38 . 2011-11-24 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-24 23:38 . 2011-11-24 23:38 -------- d-----w- c:\users\administrator\AppData\Local\temp
2011-11-24 22:22 . 2011-11-24 22:22 -------- d-----w- c:\program files (x86)\BF649
2011-11-24 22:21 . 2011-11-24 22:21 -------- d-----w- c:\users\kmitchell\AppData\Roaming\FWWK7fEL9
2011-11-24 22:21 . 2011-11-24 22:21 -------- d-----w- c:\users\kmitchell\AppData\Roaming\SS22ibD3pG4aHsK
2011-11-24 22:21 . 2011-11-24 22:21 -------- d-----w- c:\users\kmitchell\AppData\Roaming\hekkIBrzOyxA
2011-11-24 22:21 . 2011-11-24 22:21 -------- d-----w- c:\users\kmitchell\AppData\Roaming\u2bF3pmGa
2011-11-24 22:21 . 2011-11-24 22:21 -------- d-----w- c:\users\kmitchell\AppData\Roaming\kgRZ9hYXwUe
2011-11-24 22:21 . 2011-11-24 22:21 -------- d-----w- c:\users\kmitchell\AppData\Roaming\T111ibD3nG4aHsJ
2011-11-17 13:55 . 2011-11-17 16:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-17 13:55 . 2011-11-17 14:42 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-11 15:33 . 2011-11-11 15:33 388096 ----a-r- c:\users\kmitchell\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-11 15:33 . 2011-11-11 15:33 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-11 15:21 . 2011-11-11 15:21 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-11 14:46 . 2011-05-12 19:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2011-11-11 14:19 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\6963.tmp
2011-11-11 14:18 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\ED02.tmp
2011-11-11 14:17 . 2011-11-11 14:17 -------- d-----w- c:\program files (x86)\Sophos
2011-11-11 13:43 . 2011-11-11 13:43 -------- d-----w- c:\users\kmitchell\AppData\Roaming\Malwarebytes
2011-11-10 14:31 . 2011-11-10 14:31 -------- d-----w- c:\users\jstouffer\AppData\Roaming\Malwarebytes
2011-11-10 14:31 . 2011-11-10 14:31 -------- d-----w- c:\programdata\Malwarebytes
2011-11-10 14:31 . 2011-11-11 13:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-10 14:16 . 2011-11-10 17:00 -------- d-----w- c:\windows\system32\appmgmt
2011-11-10 14:11 . 2011-11-10 14:11 -------- d-----w- c:\users\jstouffer\AppData\Roaming\Apple Computer
2011-11-09 12:40 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 12:40 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 12:40 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:40 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 21:31 . 2011-11-08 21:31 -------- d-----w- c:\users\kmitchell\AppData\Roaming\Apple Computer
2011-11-02 22:08 . 2011-11-10 15:47 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-11-02 22:08 . 2011-11-02 22:08 -------- d-----w- c:\users\kmitchell\AppData\Local\Apple
2011-11-02 22:08 . 2011-11-10 16:10 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-11-02 22:08 . 2011-11-10 16:11 -------- d-----w- c:\programdata\Apple
2011-11-02 22:06 . 2011-11-10 16:11 -------- d-----w- c:\program files (x86)\QuickTime
2011-11-02 17:59 . 2011-11-02 19:14 -------- d-----w- c:\users\kmitchell\AppData\Roaming\webex
2011-11-02 17:59 . 2011-11-10 16:11 -------- d-----w- c:\programdata\WebEx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 22:24 . 2011-11-24 22:24 138820 ----a-w- C:\mbrfix.zip
2011-11-21 20:27 . 2011-07-20 13:11 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-09-20 18:35 . 2011-10-21 16:32 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2011-09-01 05:24 . 2011-10-18 17:55 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-18 17:55 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-18 17:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-18 17:55 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-18 17:55 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-18 17:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-27 05:37 . 2011-10-13 16:21 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-13 16:21 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-13 16:21 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 16:21 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
2011-06-24 15:04 81920 ----a-w- c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files (x86)\freecordertoolbar\vmntemplateX.dll" [2011-06-24 81920]
.
[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-08-18 115624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-06-02 1553256]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-11-02 421888]
"F77fRL9gTXjYeIr8234A"="c:\users\kmitchell\AppData\Roaming\hekkIBrzOyxA\Cloud AV 2012v121.exe" [2011-11-24 2932224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-8-12 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-06-02 477032]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6963.tmp [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-06-02 83304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-30 41320]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-30 65896]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-06-02 148840]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 144232]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-03-31 579264]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 138360]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-847016160-4124738267-1826922858-1260Core.job
- c:\users\kmitchell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 17:10]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-847016160-4124738267-1826922858-1260UA.job
- c:\users\kmitchell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 17:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-30 54120]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"IaNvSrv"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 74.40.74.40 74.40.74.41
FF - ProfilePath - c:\users\kmitchell\AppData\Roaming\Mozilla\Firefox\Profiles\950sra5n.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKLM-Run-YttxP0ycSiDoF8234A - c:\windows\system32\Cloud AV 2012v121.exe
Wow6432Node-HKLM-Run-hIBtzPNyc1v2b4m - c:\users\kmitchell\AppData\Roaming\dwme.exe
Wow6432Node-HKLM-Run-186.exe - c:\program files (x86)\LP\1D83\186.exe
Wow6432Node-HKLM-Run-dfEL9gTZqYwI - c:\users\kmitchell\AppData\Roaming\dwme.exe
Notify-igfxcui - (no file)
SafeBoot-Symantec Antvirus
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6963.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\windows\SysWOW64\rundll32.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Completion time: 2011-11-24 19:05:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-25 00:04
.
Pre-Run: 106,445,561,856 bytes free
Post-Run: 106,773,168,128 bytes free
.
- - End Of File - - D6D80CEA991BDB9CC291CBCE7478D05C
 


Joined
Aug 9, 2011
Messages
808
Good work.
Combofix deleted a lot of Skype-related files. Did you ever install Skype directly on your C: drive?

The MBR file appears clean, but there are some things which require our attention.



While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes interfere with our fixes.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.



Open notepad and copy/paste the text in the Code-box below into it:

Code:
Folder::
c:\users\kmitchell\AppData\Roaming\SJ7dEqhYXkVlBz0
c:\users\kmitchell\AppData\Roaming\PcA1ivD2oFpHsJd
c:\users\kmitchell\AppData\Roaming\FWWK7fEL9
c:\users\kmitchell\AppData\Roaming\SS22ibD3pG4aHsK
c:\users\kmitchell\AppData\Roaming\hekkIBrzOyxA
c:\users\kmitchell\AppData\Roaming\u2bF3pmGa
c:\users\kmitchell\AppData\Roaming\kgRZ9hYXwUe
c:\users\kmitchell\AppData\Roaming\T111ibD3nG4aHsJ

DirLook::
c:\program files (x86)\BF649

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"F77fRL9gTXjYeIr8234A"=-
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.



Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




Please press the Windows key + R and Copy/Paste the following single-line command into the Run box and click OK

"C:\QooBox\Add-Remove Programs.txt"


This will open a notepad window, Please Copy/Paste its content in your next reply.


How is your system behaving now ?



Please post in your next reply
Combofix.txt
Add-Remove Programs.txt
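As an added example (not part of this thread, and not ComboFix's own code), the script below parses the "Reg Loading Points" section format shown in the logs above and flags the indicators the helper is acting on in the CFScript: a random-looking Run value name that launches an executable out of a user's AppData folder, UAC switched off ("EnableLUA"= 0), and Security Center monitoring disabled for the installed antivirus. The sample log is constructed from the format on this page; the entropy threshold and the other heuristics are assumptions, not ComboFix rules.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix-style log."""
import math
import re
from collections import Counter

# Constructed sample in the format of the log above (trimmed to a few entries).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-08-18 115624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"F77fRL9gTXjYeIr8234A"="c:\users\kmitchell\AppData\Roaming\hekkIBrzOyxA\Cloud AV 2012v121.exe" [2011-11-24 2932224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"="path" [date size]  -- the Run-key line layout used by ComboFix
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[')
# "Name"= 0 (0x0)  -- policy values
POLICY_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')
# "Name"=dword:00000001
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

ENTROPY_THRESHOLD = 3.5  # assumed cut-off, bits per character


def shannon_entropy(s):
    """Bits of entropy per character of s (0 for the empty string)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(name):
    """Heuristic: long, space-free, mixed-case name with digits and high entropy.

    Vendor names such as 'SunJavaUpdateSched' have no digits; product names
    such as 'Acrobat Assistant 8.0' contain spaces; both fall through.
    """
    if len(name) < 12 or " " in name:
        return False
    has_digit = any(c.isdigit() for c in name)
    has_lower = any(c.islower() for c in name)
    has_upper = any(c.isupper() for c in name)
    return has_digit and has_lower and has_upper and shannon_entropy(name) >= ENTROPY_THRESHOLD


def launched_from_profile(path):
    """True when the autorun target lives under a user's AppData tree."""
    return re.search(r"\\users\\[^\\]+\\appdata\\", path.lower()) is not None


def analyze_reg_loading_points(text):
    """Walk the section key by key and return a list of finding dicts."""
    findings = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        if current_key.endswith("\\run"):
            m = RUN_VALUE_RE.match(line)
            if not m:
                continue
            name, path = m.group(1), m.group(2)
            if looks_random(name):
                findings.append({"check": "random-value-name", "name": name, "detail": path})
            if launched_from_profile(path):
                findings.append({"check": "autorun-in-appdata", "name": name, "detail": path})
        elif current_key.endswith("\\policies\\system"):
            m = POLICY_RE.match(line)
            if m and m.group(1) == "EnableLUA" and int(m.group(2)) == 0:
                findings.append({"check": "uac-disabled", "name": "EnableLUA", "detail": line})
        elif "\\security center\\monitoring\\" in current_key:
            m = DWORD_RE.match(line)
            if m and m.group(1) == "DisableMonitoring" and int(m.group(2), 16) == 1:
                product = current_key.rsplit("\\", 1)[-1]
                findings.append({"check": "security-center-monitoring-disabled",
                                 "name": product, "detail": line})
    return findings


if __name__ == "__main__":
    for f in analyze_reg_loading_points(SAMPLE_LOG):
        print(f"[{f['check']}] {f['name']}: {f['detail']}")
```

The findings are review prompts for the person reading the log, not verdicts; a legitimate updater can also sit under AppData, which is why the check reports the path rather than deleting anything.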
 

sapphire69

Thread Starter
Joined
Nov 14, 2011
Messages
24
Good morning, Daniel!

To answer your question regarding Skype, I did install that on my computer to communicate with a friend of mine traveling abroad for vacation. I am fine with removing it.

After closing the browser, prior to dragging the file over to Combo Fix, there were several messages that kept appearing, like tool tips, with a "mevio" web address in them. I was able to capture a screen shot of one and I have attached it. The other image in the document is the processes that were running. It shows an Internet Explorer process running even though I had closed all open browser windows.

I have not seen any unusual activity since Combo Fix rebooted but there are still several files on my external drive that are hidden.

Thank you so much for your assistance and here are the log files you requested:

ComboFix 11-11-24.01 - kmitchell 11/25/2011 9:51.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3992.2251 [GMT -5:00]
Running from: c:\users\kmitchell\Desktop\ComboFix.exe
Command switches used :: c:\users\kmitchell\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kmitchell\AppData\Roaming\FWWK7fEL9
c:\users\kmitchell\AppData\Roaming\hekkIBrzOyxA
c:\users\kmitchell\AppData\Roaming\hekkIBrzOyxA\Cloud AV 2012v121.exe
c:\users\kmitchell\AppData\Roaming\kgRZ9hYXwUe
c:\users\kmitchell\AppData\Roaming\PcA1ivD2oFpHsJd
c:\users\kmitchell\AppData\Roaming\PcA1ivD2oFpHsJd\Cloud AV 2012.ico
c:\users\kmitchell\AppData\Roaming\SJ7dEqhYXkVlBz0
c:\users\kmitchell\AppData\Roaming\SS22ibD3pG4aHsK
c:\users\kmitchell\AppData\Roaming\T111ibD3nG4aHsJ
c:\users\kmitchell\AppData\Roaming\u2bF3pmGa
.
.
((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))
.
.
2011-11-25 15:26 . 2011-11-25 15:26 -------- d-----w- c:\users\setup\AppData\Local\temp
2011-11-25 15:26 . 2011-11-25 15:26 -------- d-----w- c:\users\jstouffer\AppData\Local\temp
2011-11-25 15:26 . 2011-11-25 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-25 15:26 . 2011-11-25 15:26 -------- d-----w- c:\users\administrator\AppData\Local\temp
2011-11-24 22:22 . 2011-11-24 22:22 -------- d-----w- c:\program files (x86)\BF649
2011-11-17 13:55 . 2011-11-17 16:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-17 13:55 . 2011-11-17 14:42 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-11 15:33 . 2011-11-11 15:33 388096 ----a-r- c:\users\kmitchell\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-11 15:33 . 2011-11-11 15:33 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-11 15:21 . 2011-11-11 15:21 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-11 14:46 . 2011-05-12 19:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2011-11-11 14:19 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\6963.tmp
2011-11-11 14:18 . 2011-05-12 19:03 6144 ------w- c:\windows\system32\ED02.tmp
2011-11-11 14:17 . 2011-11-11 14:17 -------- d-----w- c:\program files (x86)\Sophos
2011-11-11 13:43 . 2011-11-11 13:43 -------- d-----w- c:\users\kmitchell\AppData\Roaming\Malwarebytes
2011-11-10 14:31 . 2011-11-10 14:31 -------- d-----w- c:\users\jstouffer\AppData\Roaming\Malwarebytes
2011-11-10 14:31 . 2011-11-10 14:31 -------- d-----w- c:\programdata\Malwarebytes
2011-11-10 14:31 . 2011-11-11 13:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-10 14:16 . 2011-11-10 17:00 -------- d-----w- c:\windows\system32\appmgmt
2011-11-10 14:11 . 2011-11-10 14:11 -------- d-----w- c:\users\jstouffer\AppData\Roaming\Apple Computer
2011-11-09 12:40 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 12:40 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 12:40 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 12:40 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 21:31 . 2011-11-08 21:31 -------- d-----w- c:\users\kmitchell\AppData\Roaming\Apple Computer
2011-11-02 22:08 . 2011-11-10 15:47 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-11-02 22:08 . 2011-11-02 22:08 -------- d-----w- c:\users\kmitchell\AppData\Local\Apple
2011-11-02 22:08 . 2011-11-10 16:10 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-11-02 22:08 . 2011-11-10 16:11 -------- d-----w- c:\programdata\Apple
2011-11-02 22:06 . 2011-11-10 16:11 -------- d-----w- c:\program files (x86)\QuickTime
2011-11-02 17:59 . 2011-11-02 19:14 -------- d-----w- c:\users\kmitchell\AppData\Roaming\webex
2011-11-02 17:59 . 2011-11-10 16:11 -------- d-----w- c:\programdata\WebEx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 00:55 . 2011-11-25 00:55 138820 ----a-w- C:\mbrfix.zip
2011-11-21 20:27 . 2011-07-20 13:11 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-09-20 18:35 . 2011-10-21 16:32 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2011-09-01 05:24 . 2011-10-18 17:55 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-18 17:55 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-18 17:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-18 17:55 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-18 17:55 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-18 17:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files (x86)\BF649 ----
.
2011-11-24 22:22 . 2011-11-24 22:22 188416 ----a-w- c:\program files (x86)\BF649\lvvm.exe
.
.
((((((((((((((((((((((((((((( [email protected]_23.44.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-11-17 16:29 . 2011-11-24 22:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-11-17 16:29 . 2011-11-25 14:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2011-11-24 22:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-25 14:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-24 22:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-25 14:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-25 14:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-24 22:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-11-25 15:34 47964 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-19 22:13 . 2011-11-25 15:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-19 22:13 . 2011-11-24 23:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-19 22:13 . 2011-11-24 23:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-19 22:13 . 2011-11-25 15:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-24 23:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-25 15:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-18 13:36 . 2011-11-25 15:34 4578 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-847016160-4124738267-1826922858-1260_UserData.bin
+ 2011-11-25 15:30 . 2011-11-25 15:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-24 23:41 . 2011-11-24 23:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-24 23:41 . 2011-11-24 23:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-25 15:30 . 2011-11-25 15:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-19 21:41 . 2011-11-25 14:29 292834 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2011-11-25 15:28 399196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-24 23:40 399196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-08-11 21:01 . 2011-11-24 23:40 2598072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-11 21:01 . 2011-11-25 15:28 2598072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-03 19:56 . 2011-11-25 15:28 15750908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-847016160-4124738267-1826922858-1260-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
2011-06-24 15:04 81920 ----a-w- c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files (x86)\freecordertoolbar\vmntemplateX.dll" [2011-06-24 81920]
.
[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-08-18 115624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-06-02 1553256]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-11-02 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-8-12 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-06-02 477032]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6963.tmp [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-06-02 83304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-30 41320]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-30 65896]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-06-02 148840]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 144232]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-03-31 579264]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-10 138360]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-847016160-4124738267-1826922858-1260Core.job
- c:\users\kmitchell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 17:10]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-847016160-4124738267-1826922858-1260UA.job
- c:\users\kmitchell\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 17:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-30 54120]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"IaNvSrv"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
FF - ProfilePath - c:\users\kmitchell\AppData\Roaming\Mozilla\Firefox\Profiles\950sra5n.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6963.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\windows\SysWOW64\rundll32.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2011-11-25 10:53:21 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-25 15:53
ComboFix2.txt 2011-11-25 00:05
.
Pre-Run: 106,175,578,112 bytes free
Post-Run: 106,035,601,408 bytes free
.
- - End Of File - - 787CA5D472B5AC0312F5AD8A36C99594
Update for Microsoft Office 2007 (KB2508958)
Access Help
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.0 Professional
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.1)
Apple Application Support
Apple Software Update
AVS Audio Converter 7
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Cisco AnyConnect VPN Client
FormatFactory 2.70
Freecorder 5
Freecorder Toolbar
Google Chrome
HiJackThis
Java Auto Updater
Java(TM) 6 Update 26
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Professional Plus 2007
Microsoft Office Project Professional 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ Run Time Lib Setup
Moyea PPT to Video Converter version 2.2.0.55
Mozilla Firefox 8.0 (x86 en-US)
Powerpoint-PPT to AVI-GIF Converter v1.117 (Release 06-03-07 Fr
PowerVideoMaker Professional 5.0
Projector
QuickTime
RICOH R5U8xx Media Driver ver.3.64.02
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype
Snagit 10
Sophos Anti-Rootkit 1.5.20
Spybot - Search & Destroy
System Update
ThinkPad Power Manager
ThinkPad UltraNav Utility
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VLC media player 1.1.10
WebEx
WebEx Productivity Tools
WinZip
Wondershare PPT2Video Pro 6.1.10
Yahoo! Detect
 
Joined
Aug 9, 2011
Messages
808
Hi there

like tool tips, with a "mevio" web address in them
I do not see any attached screenshots, but they would be very interesting, so please attach them in your next reply :)



Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):
Skype

It is better to uninstall software you do not need anymore.



I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.

  • Download the latest version of Java Runtime Environment ( JRE ) 7 and save it to your desktop.
  • Scroll down to where it says Java SE 7 Update 1
  • Click the red Download JRE button on the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (it looks like a coffee cup).
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button.
  • There are three options in the window to clear the cache. Make sure all are checked.
  • Click OK on the Delete Temporary Files window.
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files window.
  • Click OK to leave the Java Control Panel.
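A quick way to confirm that no older Java release is still registered once the steps above are done, as an added example that is not part of the thread (it assumes the standard Uninstall registry keys and Oracle's DisplayVersion format such as 6.0.260; it only reports and does not remove anything):

```powershell
# Added example, not from the thread: list every Java runtime registered in
# Add/Remove Programs and flag releases older than the target major version.
# Read-only: it reports what is installed and never runs an uninstaller.
$targetMajor = 7          # the thread's target release is Java SE 7 Update 1

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # 32-bit applications on a 64-bit Windows register under Wow6432Node
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$java = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Java\(TM\)|Java Runtime|J2SE|JRE' } |
    ForEach-Object {
        # Assumption: DisplayVersion for Sun/Oracle JREs looks like 6.0.260 or 7.0.10,
        # so the leading number is the Java major version.
        $major = 0
        if ($_.DisplayVersion -match '^(\d+)\.') { $major = [int]$Matches[1] }
        [pscustomobject]@{
            Name            = $_.DisplayName
            Version         = $_.DisplayVersion
            Outdated        = ($major -lt $targetMajor)
            UninstallString = $_.UninstallString   # what Add/Remove Programs would run
        }
    }

$java | Format-Table -AutoSize

if ($java | Where-Object { $_.Outdated }) {
    Write-Warning 'Older Java releases are still registered; remove them via Add/Remove Programs before installing JRE 7.'
} else {
    Write-Host 'No Java release older than the target is registered.'
}
```

On the machine in this thread the listing should show the "Java(TM) 6 Update 26" entry flagged as Outdated until it has been removed.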



Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log in your next reply.

Note: Please also write down ESET's detections in Notepad or something similar, because sometimes they are not shown in the log files.



Please post in your next reply:
MBAM Log
log.txt
Note any open issues
 

sapphire69

Thread Starter
Joined
Nov 14, 2011
Messages
24
Hi Daniel!

I'm away from my computer right now and will be for a couple of hours, but I will follow your directions when I get home. In the meantime, can you tell me if attachments need to be in a specific format? I would like to attach the screenshots to my next reply.

Have a wonderful afternoon!
 
Joined
Aug 9, 2011
Messages
808
Thanks for letting me know. There is no rush (y)

You will see the valid file extensions above the Manage Attachments Button.
 