Having some issues... very confused.

M199

New Member
Done.
Icon is in the right hand corner of my screen again.
Should I just try turning it off and running combo again?
Afraid if I turn it off then restart for safe mode I'll just get the error messages again.
 

johnb35

Administrator
Staff member
Right-click on the icon and see if there is an option to deselect "activate realtime protection". If not, you can try running ComboFix like it is, but not sure if it will run properly.
 

M199

New Member
Right clicked and it says 'protection against viruses & spyware' and it has a check next to it. Is this what I need to uncheck?
 

M199

New Member
Done. Said it had to update Combo... did it.
Then I got the blue screen again.

Don't know what to do at this point.
 

johnb35

Administrator
Staff member
Are you talking about the blue screen of death or just a blue screen, because ComboFix is a blue screen when it runs? Was there any info on this blue screen?
 

M199

New Member
If blue screen of death means it pops up full screen with error messages and then your computer crashes and restarts... then yes. The blue screen of death.
 

johnb35

Administrator
Staff member
Ok, let's try something first. Get back into regular boot-up mode and do the following.

Download BlueScreenView
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
 

M199

New Member
==================================================
Dump File : Mini070611-02.dmp
Crash Time : 7/6/2011 4:45:14 PM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`0313be8e
Parameter 3 : 00000000`00000000
Parameter 4 : ffffffff`ffffffff
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5a490
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+5a490
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini070611-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 274,408
==================================================

==================================================
Dump File : Mini070611-01.dmp
Crash Time : 7/6/2011 1:57:55 PM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`030fae8e
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00d12000
Caused By Driver : ndistapi.sys
Caused By Address : ndistapi.sys+8eb5688
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+5a490
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini070611-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 274,408
==================================================

==================================================
Dump File : Mini061411-01.dmp
Crash Time : 6/14/2011 10:30:54 PM
Bug Check String : SYSTEM_EXIT_OWNED_MUTEX
Bug Check Code : 0x00000039
Parameter 1 : fffffa80`071583cc
Parameter 2 : 00000000`00000000
Parameter 3 : fffffa60`017d9c80
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5a490
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+5a490
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini061411-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 278,720
==================================================

==================================================
Dump File : Mini060911-01.dmp
Crash Time : 6/9/2011 3:01:55 AM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`02e4715a
Parameter 3 : 00000000`00000000
Parameter 4 : 000007ff`fffa0000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5a490
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+5a490
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini060911-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 278,720
==================================================

==================================================
Dump File : Mini052811-01.dmp
Crash Time : 5/28/2011 10:30:44 AM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Parameter 1 : 00000000`00000001
Parameter 2 : fffffa60`017d9c80
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5a490
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+5a490
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini052811-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 274,408
==================================================
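The report above is the plain "Key : Value" text that BlueScreenView writes from Edit > Select All, File > Save Selected Items. A small parser that tallies the bug checks, the blamed drivers and the crash addresses across all dumps makes the pattern easier to read than five near-identical blocks. This is an added example, not code from the thread or from BlueScreenView's author; it assumes the layout shown above (records fenced by lines of "=", one field per line), and the sample input is constructed from three of the posted records, trimmed to the fields the summary uses.

```python
"""Summarise a BlueScreenView "Save Selected Items" text report.

Added example, not code from the thread or from BlueScreenView's author.
Assumes the layout shown in the thread: records fenced by lines of '=',
one 'Key : Value' pair per line. The sample below is constructed from three
of the records posted in the thread, trimmed to the fields used here.
"""
import re
import sys
from collections import Counter

SAMPLE_REPORT = """\
==================================================
Dump File : Mini070611-02.dmp
Crash Time : 7/6/2011 4:45:14 PM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`0313be8e
Parameter 3 : 00000000`00000000
Parameter 4 : ffffffff`ffffffff
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5a490
Crash Address : ntoskrnl.exe+5a490
==================================================

==================================================
Dump File : Mini070611-01.dmp
Crash Time : 7/6/2011 1:57:55 PM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`030fae8e
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00d12000
Caused By Driver : ndistapi.sys
Caused By Address : ndistapi.sys+8eb5688
Crash Address : ntoskrnl.exe+5a490
==================================================

==================================================
Dump File : Mini052811-01.dmp
Crash Time : 5/28/2011 10:30:44 AM
Bug Check String : WORKER_INVALID
Bug Check Code : 0x000000e4
Parameter 1 : 00000000`00000001
Parameter 2 : fffffa60`017d9c80
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5a490
Crash Address : ntoskrnl.exe+5a490
==================================================
"""

SEPARATOR = re.compile(r"^=+[ \t]*$", re.MULTILINE)
FIELD = re.compile(r"^(?P<key>[^:]+?)\s*:\s*(?P<value>.*)$")


def parse_report(text):
    """Return one dict per dump record, keyed by the report's own field names."""
    records = []
    for chunk in SEPARATOR.split(text):
        fields = {}
        for line in chunk.splitlines():
            m = FIELD.match(line.strip())
            if m:
                fields[m.group("key").strip()] = m.group("value").strip()
        if "Dump File" in fields:  # skip the empty chunks between separators
            records.append(fields)
    return records


def summarize(records):
    """Tally bug checks and blamed drivers and check whether the crash address repeats.

    BlueScreenView's "Caused By Driver" is a guess taken from the dump's stack;
    a run of crashes all pinned on ntoskrnl.exe at one address says little about
    the real culprit and is a reason to look beyond the driver list.
    """
    bugchecks = Counter(r.get("Bug Check String", "?") for r in records)
    drivers = Counter(r.get("Caused By Driver", "?") for r in records)
    addresses = {r.get("Crash Address", "") for r in records} - {""}
    return {
        "count": len(records),
        "bugchecks": dict(bugchecks),
        "drivers": dict(drivers),
        "crash_addresses": sorted(addresses),
        "single_crash_address": len(addresses) == 1,
    }


if __name__ == "__main__":
    # Pass a saved BSOD.txt as the first argument; otherwise the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    for key, value in summarize(parse_report(text)).items():
        print(f"{key}: {value}")
```

Run it against the saved BSOD.txt to get the same tally for a full report; on the sample it reports three dumps, two bug check strings, two blamed drivers and a single shared crash address.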
 

johnb35

Administrator
Staff member
Let's try this now.

Please download and run TDSSKiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

[image: infection-found.jpg]


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

[image: scan-completed.jpg]


If the log says "will be cured after reboot", please reboot the system by pressing the Reboot now button.

After running, there will be a log located at the root of your C:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.
 

M199

New Member
It did find something... here's the log after reboot:


2011/07/06 17:09:19.0116 4180 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/06 17:09:21.0121 4180 ================================================================================
2011/07/06 17:09:21.0121 4180 SystemInfo:
2011/07/06 17:09:21.0121 4180
2011/07/06 17:09:21.0121 4180 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/06 17:09:21.0121 4180 Product type: Workstation
2011/07/06 17:09:21.0121 4180 ComputerName: AMANDA-PC
2011/07/06 17:09:21.0122 4180 UserName: Amanda
2011/07/06 17:09:21.0122 4180 Windows directory: C:\Windows
2011/07/06 17:09:21.0122 4180 System windows directory: C:\Windows
2011/07/06 17:09:21.0122 4180 Running under WOW64
2011/07/06 17:09:21.0122 4180 Processor architecture: Intel x64
2011/07/06 17:09:21.0122 4180 Number of processors: 2
2011/07/06 17:09:21.0122 4180 Page size: 0x1000
2011/07/06 17:09:21.0122 4180 Boot type: Normal boot
2011/07/06 17:09:21.0122 4180 ================================================================================
2011/07/06 17:09:22.0038 4180 Initialize success
2011/07/06 17:09:35.0515 3052 ================================================================================
2011/07/06 17:09:35.0515 3052 Scan started
2011/07/06 17:09:35.0515 3052 Mode: Manual;
2011/07/06 17:09:35.0515 3052 ================================================================================
2011/07/06 17:09:36.0157 3052 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/07/06 17:09:36.0232 3052 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/07/06 17:09:36.0281 3052 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/07/06 17:09:36.0330 3052 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/07/06 17:09:36.0371 3052 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/07/06 17:09:36.0447 3052 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
2011/07/06 17:09:36.0498 3052 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/07/06 17:09:36.0563 3052 ahcix64s (97dd49ccdb89a22cfcea78b29d393d87) C:\Windows\system32\drivers\ahcix64s.sys
2011/07/06 17:09:36.0594 3052 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/07/06 17:09:36.0652 3052 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2011/07/06 17:09:36.0676 3052 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/07/06 17:09:36.0697 3052 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/07/06 17:09:36.0808 3052 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/07/06 17:09:36.0832 3052 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/07/06 17:09:36.0860 3052 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/06 17:09:36.0904 3052 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/07/06 17:09:37.0052 3052 atikmdag (a4379447148ee55330768cc491ee999e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/06 17:09:37.0139 3052 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/07/06 17:09:37.0208 3052 atksgt (54494b93bb5ad74c807100144ec30d64) C:\Windows\system32\DRIVERS\atksgt.sys
2011/07/06 17:09:37.0295 3052 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/07/06 17:09:37.0364 3052 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/07/06 17:09:37.0443 3052 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/06 17:09:37.0490 3052 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/06 17:09:37.0517 3052 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/07/06 17:09:37.0550 3052 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/07/06 17:09:37.0575 3052 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/07/06 17:09:37.0602 3052 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/06 17:09:37.0623 3052 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/07/06 17:09:37.0646 3052 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/07/06 17:09:37.0687 3052 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/06 17:09:37.0731 3052 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/06 17:09:37.0779 3052 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2011/07/06 17:09:37.0835 3052 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/07/06 17:09:37.0915 3052 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/07/06 17:09:37.0939 3052 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
2011/07/06 17:09:37.0965 3052 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/07/06 17:09:38.0039 3052 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
2011/07/06 17:09:38.0093 3052 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/07/06 17:09:38.0169 3052 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/07/06 17:09:38.0234 3052 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/06 17:09:38.0260 3052 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/07/06 17:09:38.0306 3052 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/07/06 17:09:38.0345 3052 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/07/06 17:09:38.0378 3052 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/07/06 17:09:38.0443 3052 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/07/06 17:09:38.0492 3052 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/07/06 17:09:38.0521 3052 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/06 17:09:38.0578 3052 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/07/06 17:09:38.0633 3052 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/07/06 17:09:38.0703 3052 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/06 17:09:38.0770 3052 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/07/06 17:09:38.0825 3052 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/06 17:09:38.0849 3052 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/06 17:09:38.0902 3052 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/06 17:09:38.0979 3052 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2011/07/06 17:09:39.0043 3052 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/06 17:09:39.0079 3052 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/07/06 17:09:39.0104 3052 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/07/06 17:09:39.0162 3052 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/06 17:09:39.0222 3052 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/07/06 17:09:39.0283 3052 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/07/06 17:09:39.0309 3052 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/07/06 17:09:39.0384 3052 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/06 17:09:39.0412 3052 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/07/06 17:09:39.0447 3052 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/07/06 17:09:39.0548 3052 IntcAzAudAddService (627c6b352718e59df08f02c536e2e0ed) C:\Windows\system32\drivers\RTKVHD64.sys
2011/07/06 17:09:39.0603 3052 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/07/06 17:09:39.0621 3052 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/06 17:09:39.0680 3052 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/06 17:09:39.0720 3052 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/06 17:09:39.0749 3052 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/06 17:09:39.0798 3052 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/07/06 17:09:39.0847 3052 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/07/06 17:09:39.0893 3052 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/06 17:09:39.0920 3052 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/07/06 17:09:39.0970 3052 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/07/06 17:09:39.0998 3052 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/06 17:09:40.0012 3052 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/06 17:09:40.0065 3052 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/06 17:09:40.0091 3052 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/07/06 17:09:40.0136 3052 lirsgt (8e4ca9afd55ef6b509c80a8715abf8c6) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/07/06 17:09:40.0173 3052 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/06 17:09:40.0210 3052 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/06 17:09:40.0230 3052 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/06 17:09:40.0254 3052 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/06 17:09:40.0282 3052 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/07/06 17:09:40.0321 3052 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/07/06 17:09:40.0366 3052 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/07/06 17:09:40.0398 3052 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/07/06 17:09:40.0417 3052 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/06 17:09:40.0431 3052 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/06 17:09:40.0464 3052 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/06 17:09:40.0497 3052 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/07/06 17:09:40.0538 3052 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/07/06 17:09:40.0563 3052 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/06 17:09:40.0595 3052 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/06 17:09:40.0622 3052 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/07/06 17:09:40.0665 3052 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/06 17:09:40.0739 3052 mrxsmb10 (6dc9461915a551c2a625986f5fb3b851) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/06 17:09:40.0787 3052 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/06 17:09:40.0816 3052 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
2011/07/06 17:09:40.0839 3052 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/07/06 17:09:40.0885 3052 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/07/06 17:09:40.0905 3052 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/07/06 17:09:40.0966 3052 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/06 17:09:41.0003 3052 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/06 17:09:41.0022 3052 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/07/06 17:09:41.0076 3052 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/07/06 17:09:41.0109 3052 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/06 17:09:41.0173 3052 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/07/06 17:09:41.0197 3052 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/07/06 17:09:41.0267 3052 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/06 17:09:41.0342 3052 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/07/06 17:09:41.0395 3052 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/06 17:09:41.0434 3052 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/06 17:09:41.0490 3052 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/06 17:09:41.0507 3052 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/07/06 17:09:41.0547 3052 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/06 17:09:41.0589 3052 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/06 17:09:41.0658 3052 netr28ux (01a8a17c17e548db1b6c2e597c0c66e6) C:\Windows\system32\DRIVERS\netr28ux.sys
2011/07/06 17:09:41.0683 3052 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/07/06 17:09:41.0711 3052 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/07/06 17:09:41.0738 3052 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/06 17:09:41.0805 3052 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/07/06 17:09:41.0840 3052 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/07/06 17:09:41.0871 3052 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/07/06 17:09:41.0899 3052 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/07/06 17:09:41.0933 3052 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/07/06 17:09:42.0043 3052 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/06 17:09:42.0092 3052 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/07/06 17:09:42.0130 3052 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/07/06 17:09:42.0241 3052 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/07/06 17:09:42.0299 3052 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
2011/07/06 17:09:42.0349 3052 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/07/06 17:09:42.0411 3052 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/07/06 17:09:42.0514 3052 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/06 17:09:42.0536 3052 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
2011/07/06 17:09:42.0607 3052 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/06 17:09:42.0666 3052 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/07/06 17:09:42.0715 3052 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/07/06 17:09:42.0774 3052 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/06 17:09:42.0811 3052 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/06 17:09:42.0870 3052 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/06 17:09:42.0926 3052 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/06 17:09:42.0955 3052 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/06 17:09:43.0001 3052 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/06 17:09:43.0029 3052 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/06 17:09:43.0085 3052 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/07/06 17:09:43.0101 3052 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/06 17:09:43.0134 3052 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/07/06 17:09:43.0182 3052 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/06 17:09:43.0250 3052 RTHDMIAzAudService (67c7695d3b18682addf8419eda4bbfb8) C:\Windows\system32\drivers\RtHDMIVX.sys
2011/07/06 17:09:43.0279 3052 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/06 17:09:43.0314 3052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/06 17:09:43.0343 3052 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/07/06 17:09:43.0371 3052 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/07/06 17:09:43.0411 3052 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/07/06 17:09:43.0448 3052 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/07/06 17:09:43.0463 3052 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/06 17:09:43.0479 3052 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/06 17:09:43.0494 3052 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/07/06 17:09:43.0526 3052 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/07/06 17:09:43.0549 3052 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/07/06 17:09:43.0595 3052 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/07/06 17:09:43.0649 3052 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/07/06 17:09:43.0708 3052 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
2011/07/06 17:09:43.0756 3052 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/06 17:09:43.0804 3052 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/06 17:09:43.0869 3052 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/06 17:09:43.0937 3052 swmsflt (179de6936fbb0702f89535b27e311b1f) C:\Windows\System32\drivers\swmsflt.sys
2011/07/06 17:09:43.0999 3052 SWNC8U80 (93426e420efe938774d0c2d17f7ad4d2) C:\Windows\system32\DRIVERS\swnc8u80.sys
2011/07/06 17:09:44.0054 3052 SWUMX80 (8eb20f97ccbd8363f5564f01ba7b34cc) C:\Windows\system32\DRIVERS\swumx80.sys
2011/07/06 17:09:44.0081 3052 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/07/06 17:09:44.0108 3052 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/07/06 17:09:44.0152 3052 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/07/06 17:09:44.0252 3052 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/07/06 17:09:44.0305 3052 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/06 17:09:44.0345 3052 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/06 17:09:44.0374 3052 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/07/06 17:09:44.0403 3052 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/07/06 17:09:44.0438 3052 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/06 17:09:44.0482 3052 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/06 17:09:44.0564 3052 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\Windows\system32\DRIVERS\tmactmon.sys
2011/07/06 17:09:44.0608 3052 tmcomm (360e61217d4e1e333583d0c721057f70) C:\Windows\system32\DRIVERS\tmcomm.sys
2011/07/06 17:09:44.0664 3052 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\Windows\system32\DRIVERS\tmevtmgr.sys
2011/07/06 17:09:44.0716 3052 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\Windows\system32\DRIVERS\tmtdi.sys
2011/07/06 17:09:44.0761 3052 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/06 17:09:44.0785 3052 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/06 17:09:44.0833 3052 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/06 17:09:44.0862 3052 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/07/06 17:09:44.0905 3052 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/06 17:09:44.0962 3052 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/06 17:09:44.0998 3052 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/07/06 17:09:45.0033 3052 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/07/06 17:09:45.0068 3052 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/07/06 17:09:45.0107 3052 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/06 17:09:45.0172 3052 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
2011/07/06 17:09:45.0199 3052 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/06 17:09:45.0229 3052 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/07/06 17:09:45.0288 3052 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/06 17:09:45.0317 3052 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/06 17:09:45.0339 3052 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/06 17:09:45.0370 3052 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
2011/07/06 17:09:45.0391 3052 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/06 17:09:45.0422 3052 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/06 17:09:45.0461 3052 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/06 17:09:45.0488 3052 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/07/06 17:09:45.0520 3052 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/07/06 17:09:45.0553 3052 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/07/06 17:09:45.0609 3052 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/07/06 17:09:45.0659 3052 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/07/06 17:09:45.0689 3052 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/07/06 17:09:45.0727 3052 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/07/06 17:09:45.0789 3052 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/06 17:09:45.0802 3052 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/06 17:09:45.0836 3052 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/07/06 17:09:45.0897 3052 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/06 17:09:46.0027 3052 WinUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/07/06 17:09:46.0081 3052 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/06 17:09:46.0179 3052 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/06 17:09:46.0220 3052 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/06 17:09:46.0287 3052 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/07/06 17:09:46.0313 3052 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/06 17:09:46.0399 3052 yukonx64 (d34faa40d8af3db716e67de203ef62ca) C:\Windows\system32\DRIVERS\yk60x64.sys
2011/07/06 17:09:46.0487 3052 MBR (0x1B8) (c3cb91169c3379597e17079feecbfd03) \Device\Harddisk0\DR0
2011/07/06 17:09:46.0492 3052 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/06 17:09:46.0502 3052 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/07/06 17:09:46.0517 3052 Boot (0x1200) (8407ec0dee3ecf52634483f2473b48fd) \Device\Harddisk0\DR0\Partition0
2011/07/06 17:09:46.0526 3052 Boot (0x1200) (9d1238386c04610f52c6fe1cae494519) \Device\Harddisk1\DR1\Partition0
2011/07/06 17:09:46.0532 3052 ================================================================================
2011/07/06 17:09:46.0532 3052 Scan finished
2011/07/06 17:09:46.0532 3052 ================================================================================
2011/07/06 17:09:46.0543 1428 Detected object count: 1
2011/07/06 17:09:46.0543 1428 Actual detected object count: 1
2011/07/06 17:10:06.0844 1428 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/06 17:10:06.0845 1428 \Device\Harddisk0\DR0 - ok
2011/07/06 17:10:06.0846 1428 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/06 17:10:36.0285 3876 Deinitialize success
 

johnb35

Administrator
Staff member
You had an MBR infection. Now try running ComboFix; it should run without issues now. Hopefully. Make sure you reboot the PC first before running ComboFix. Make sure Trend Micro is disabled again.
 

M199

New Member
Oh, I see... Thank you.
So once Combo has finished and I get the log... you will need it and an updated HijackThis log, correct?
 

M199

New Member
May I ask if these logs I'm posting hold any information I/someone should remove once/if we're able to kick my PC back to order? I don't know what I'm really looking at with them, so I'm not very sure.
 

johnb35

Administrator
Staff member
They don't hold any pertinent, personal information. Basically, they list files that were created in the last 30 days, services/drivers running on the system, what runs at bootup, and other info. So no worries.
 

M199

New Member
OK, Combo is rebooting my computer now... Logs shortly.

Er... Trend Micro is starting up, but Combo says not to start any programs.
Wait to see what happens, or Ctrl+Alt+Del to see if I can stop it?

Also, I now have an icon on my computer saying 'the internet' with an Explorer icon. Did Combo put that on?
 

M199

New Member
Nvm.
Combo then Hijack.


ComboFix 11-07-06.03 - Amanda 07/06/2011 17:23:35.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.5886.4237 [GMT -4:00]
Running from: c:\users\Amanda\Downloads\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\atiumdva32.exe
c:\programdata\KBDCZ132.dll
c:\users\Amanda\11f5fe2a4b5bf2222732d4907dd8efeb.jpg
c:\users\Amanda\6a00d8341bfcfe53ef00e54f8f12648834-800wi.jpg
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{155ca05c-939f-4003-ad1f-993591e624bd}\install.rdf
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{910a7df3-474a-45ec-b9d1-95dba03b39fd}\install.rdf
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{9cfbdb48-7ddf-4789-bec1-1e50ccb17b26}\install.rdf
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\chrome.manifest
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\chrome\xulcache.jar
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\defaults\preferences\xulcache.js
c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\extensions\{f14115e8-1aab-4400-a2c1-21d1536d6fd9}\install.rdf
c:\windows\security\Database\tmp.edb
c:\windows\system32\service
c:\windows\SysWow64\atiumdva32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 )))))))))))))))))))))))))))))))
.
.
2011-07-06 21:41 . 2011-07-06 21:44 -------- d-----w- c:\users\Amanda\AppData\Local\temp
2011-07-06 21:41 . 2011-07-06 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-06 21:41 . 2011-07-06 21:41 -------- d-----w- c:\users\Conrad\AppData\Local\temp
2011-07-06 15:11 . 2011-07-06 15:11 388096 ----a-r- c:\users\Amanda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-06 15:11 . 2011-07-06 15:11 -------- d-----w- c:\program files (x86)\Trend Micro
2011-07-06 14:56 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 14:56 . 2011-07-06 14:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-06 00:17 . 2011-07-06 00:17 -------- d-----w- c:\users\Amanda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-05 23:25 . 2011-07-05 23:25 -------- d-----w- c:\users\Amanda\AppData\Local\{E1F1B8AB-513A-42EA-B43A-94676FF227C5}
2011-07-05 23:11 . 2011-07-05 23:11 -------- d-----w- c:\users\Amanda\AppData\Local\{708EC9E2-0F25-4C8D-B544-C53A5F31C548}
2011-07-05 18:03 . 2011-07-05 18:03 -------- d-----w- c:\users\Amanda\AppData\Local\{8EEA8D3F-FDE1-427A-92F6-4F625ACCE3C2}
2011-07-04 15:51 . 2011-07-04 15:52 -------- d-----w- c:\users\Amanda\AppData\Local\{5F8B7C86-D474-42B7-92F2-6AA0752EA20F}
2011-07-04 03:33 . 2011-07-04 03:33 -------- d-----w- c:\users\Amanda\AppData\Local\{EFF2BFFA-F6EB-44C9-8737-4F83D89ADAFB}
2011-07-03 15:32 . 2011-07-03 15:32 -------- d-----w- c:\users\Amanda\AppData\Local\{051A39BC-DD8F-4B7D-BB40-9580344EB4A3}
2011-07-03 15:32 . 2011-07-03 15:32 -------- d-----w- c:\users\Amanda\AppData\Local\{0DDABC47-9933-4B8F-9674-4B45C386B5D2}
2011-07-03 01:08 . 2011-07-03 01:09 -------- d-----w- c:\users\Amanda\AppData\Local\{A40C2CBC-628F-4051-BA29-DD5D5ED839A8}
2011-07-02 05:12 . 2011-07-02 05:12 -------- d-----w- c:\users\Amanda\AppData\Local\{F4498E2A-B7D8-483F-B6FB-15C23D892972}
2011-07-01 17:11 . 2011-07-01 17:12 -------- d-----w- c:\users\Amanda\AppData\Local\{A7791A70-18CE-445F-8D20-C71B3E0BF311}
2011-07-01 05:11 . 2011-07-01 05:11 -------- d-----w- c:\users\Amanda\AppData\Local\{914FAE73-9EE1-426E-B61E-0F624F85B5D6}
2011-07-01 02:29 . 2011-06-24 03:18 565248 ----a-w- c:\windows\SysWow64\MFC7132.exe
2011-06-30 17:11 . 2011-06-30 17:11 -------- d-----w- c:\users\Amanda\AppData\Local\{B791BDEA-9467-4223-BAB7-610814CF88EA}
2011-06-30 02:48 . 2011-06-30 02:49 -------- d-----w- c:\users\Amanda\AppData\Local\{DA34D2A1-88A9-44E3-91A5-FFCDCD4AF749}
2011-06-29 15:00 . 2011-04-29 16:15 344576 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 15:00 . 2011-04-29 15:59 276992 ----a-w- c:\windows\SysWow64\schannel.dll
2011-06-29 14:48 . 2011-06-29 14:48 -------- d-----w- c:\users\Amanda\AppData\Local\{D4C97552-AC88-40F7-A737-779335878ECD}
2011-06-28 20:10 . 2011-06-28 20:10 -------- d-----w- c:\users\Amanda\AppData\Local\{E12DB36D-90BF-49C7-821A-06D891DD8B04}
2011-06-28 15:22 . 2011-06-28 15:22 -------- d-----w- c:\users\Amanda\AppData\Local\{DEF4FA9B-4320-4395-9272-3FAD4112D6DE}
2011-06-28 02:38 . 2011-06-28 02:39 -------- d-----w- c:\users\Amanda\AppData\Local\{702E43A5-6481-4DBA-B256-56631C65DAA6}
2011-06-27 14:38 . 2011-06-27 14:38 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 14:38 . 2011-06-27 14:38 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-27 14:38 . 2011-06-27 14:38 -------- d-----w- c:\users\Amanda\AppData\Local\{4862B418-97EB-44E6-B9D6-EE0C914208AF}
2011-06-26 22:51 . 2011-06-26 22:51 -------- d-----w- c:\users\Amanda\AppData\Local\{C97556C9-F2DE-47F5-B944-D4D31B0E2749}
2011-06-25 14:40 . 2011-06-25 14:40 -------- d-----w- c:\users\Amanda\AppData\Local\{896A5C8D-22F9-486C-8922-19567548F373}
2011-06-25 02:40 . 2011-06-25 02:40 -------- d-----w- c:\users\Amanda\AppData\Local\{7BD80AE4-C1A4-4470-B306-E5B2FCE555EE}
2011-06-24 04:14 . 2011-06-24 04:15 -------- d-----w- c:\users\Amanda\AppData\Local\{3D3A9B2E-9356-4158-BD96-7FF57325A1F0}
2011-06-23 16:14 . 2011-06-23 16:14 -------- d-----w- c:\users\Amanda\AppData\Local\{387C1C23-49D8-497B-8A7C-EDD96485E0A5}
2011-06-22 16:47 . 2011-06-22 16:47 -------- d-----w- c:\users\Amanda\AppData\Local\{BAF196F3-24D3-4914-8009-E81B704816EE}
2011-06-22 02:31 . 2011-06-22 02:31 -------- d-----w- c:\users\Amanda\AppData\Local\{964DB97D-5339-4E6D-847E-A82C5972F672}
2011-06-21 14:31 . 2011-06-21 14:31 -------- d-----w- c:\users\Amanda\AppData\Local\{3C444365-2D9E-4C9D-BBEF-64B4402B191A}
2011-06-21 02:30 . 2011-06-21 02:30 -------- d-----w- c:\users\Amanda\AppData\Local\{989BED54-CB62-4FFB-AD59-67060E408F96}
2011-06-20 14:30 . 2011-06-20 14:30 -------- d-----w- c:\users\Amanda\AppData\Local\{930971A1-C894-45C6-98CD-2E52EDB7258E}
2011-06-20 02:29 . 2011-06-20 02:29 -------- d-----w- c:\users\Amanda\AppData\Local\{B5ED8CC9-8D53-4F47-8410-87C4B7923543}
2011-06-19 14:29 . 2011-06-19 14:29 -------- d-----w- c:\users\Amanda\AppData\Local\{B980E578-E4CD-4721-9F5B-58679FA0AAB0}
2011-06-18 19:51 . 2011-06-18 19:51 -------- d-----w- c:\users\Amanda\AppData\Local\{6BAC88CF-9BFD-4DF5-93D8-3EBC9E1FE2F3}
2011-06-18 07:00 . 2011-06-18 07:00 -------- d-----w- c:\users\Amanda\AppData\Local\{F575B316-42FB-4DFF-A1B5-E1CB284B93D1}
2011-06-17 18:21 . 2011-06-17 18:21 -------- d-----w- c:\users\Amanda\AppData\Local\{96BAC7EC-237C-4CE9-A9C2-2B123AAF39FE}
2011-06-17 03:47 . 2011-06-17 03:47 -------- d-----w- c:\users\Amanda\AppData\Local\{7856E2DD-3445-4AE5-A28A-EBE3711481A5}
2011-06-16 15:46 . 2011-06-16 15:46 -------- d-----w- c:\users\Amanda\AppData\Local\{6661605C-CD9C-4B9B-9E92-239EFB619CF5}
2011-06-15 17:05 . 2011-06-15 17:06 -------- d-----w- c:\users\Amanda\AppData\Local\{E480E33E-BF23-45C5-A5FF-D3236330088E}
2011-06-15 17:05 . 2011-07-01 03:35 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 16:04 . 2011-06-14 16:04 -------- d-----w- c:\users\Amanda\AppData\Local\{E6967010-9F29-4EA8-8BAB-5BDE0CB78E7F}
2011-06-14 04:03 . 2011-06-14 04:04 -------- d-----w- c:\users\Amanda\AppData\Local\{5B81C99C-5405-4287-AB56-84FE27372F27}
2011-06-14 00:03 . 2011-06-14 00:03 -------- d-----w- c:\program files (x86)\MAGIX
2011-06-14 00:03 . 2011-06-14 00:03 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2011-06-13 16:03 . 2011-06-13 16:03 -------- d-----w- c:\users\Amanda\AppData\Local\{30AE5C27-4137-4D93-8C5C-6BCF90350067}
2011-06-13 14:54 . 2011-06-13 14:54 -------- d-----w- c:\program files (x86)\Safari
2011-06-13 14:42 . 2011-06-13 14:42 -------- d-----w- c:\program files\iPod
2011-06-13 14:42 . 2011-06-13 14:43 -------- d-----w- c:\program files\iTunes
2011-06-13 14:42 . 2011-06-13 14:43 -------- d-----w- c:\program files (x86)\iTunes
2011-06-13 14:38 . 2011-06-13 14:38 -------- d-----w- c:\program files\Bonjour
2011-06-13 14:38 . 2011-06-13 14:38 -------- d-----w- c:\program files (x86)\Bonjour
2011-06-13 04:03 . 2011-06-13 04:03 -------- d-----w- c:\users\Amanda\AppData\Local\{64ECE93A-C153-4C03-81A2-143DEC656BEF}
2011-06-13 01:09 . 2011-06-13 01:09 -------- d-----w- c:\users\Amanda\AppData\Roaming\Malwarebytes
2011-06-13 01:09 . 2011-06-13 01:09 -------- d-----w- c:\programdata\Malwarebytes
2011-06-13 01:09 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 00:10 . 2011-06-27 14:38 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-06-13 00:10 . 2011-06-27 14:38 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-06-13 00:10 . 2011-06-27 14:38 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-06-13 00:10 . 2011-06-27 14:38 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-06-13 00:10 . 2011-06-27 14:38 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-06-13 00:10 . 2011-06-27 14:38 1850328 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-06-12 16:02 . 2011-06-12 16:02 -------- d-----w- c:\users\Amanda\AppData\Local\{2A365877-4EBB-45A7-B3F9-D5AD505FFE96}
2011-06-11 16:38 . 2011-06-11 16:38 -------- d-----w- c:\users\Amanda\AppData\Local\{574707A2-08B5-4F47-B05F-40776CC58D13}
2011-06-11 04:37 . 2011-06-11 04:38 -------- d-----w- c:\users\Amanda\AppData\Local\{9F923E77-452C-4B68-8571-FB0D384BDD7D}
2011-06-10 16:37 . 2011-06-10 16:37 -------- d-----w- c:\users\Amanda\AppData\Local\{24AEE9CE-FB43-47F0-AA11-9CB58BA1E431}
2011-06-10 04:17 . 2011-06-10 04:18 -------- d-----w- c:\users\Amanda\AppData\Local\{BD454A98-10F5-477D-81A9-B5807C41416A}
2011-06-09 16:17 . 2011-06-09 16:17 -------- d-----w- c:\users\Amanda\AppData\Local\{46540E4E-F89C-4C40-9A49-E030CBB76EB1}
2011-06-09 02:41 . 2011-06-09 02:41 -------- d-----w- c:\users\Amanda\AppData\Local\{07ACFEBB-1BF7-44D7-9B33-E7C0F7D95432}
2011-06-08 14:41 . 2011-06-08 14:41 -------- d-----w- c:\users\Amanda\AppData\Local\{DE60CE78-130B-4965-8E5F-43F2E6E26133}
2011-06-08 02:36 . 2011-06-08 02:36 -------- d-----w- c:\users\Amanda\AppData\Local\{2CB2C257-D560-400E-AA25-08A8D8150D3A}
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-07 14:16 . 2011-06-07 14:17 -------- d-----w- c:\users\Amanda\AppData\Local\{D3CADEE5-44DE-4EE2-8B7B-170645592A62}
2011-06-07 02:16 . 2011-06-07 02:16 -------- d-----w- c:\users\Amanda\AppData\Local\{0D238451-BFFB-46AE-BA46-EFC4449A0C45}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:06 . 2011-05-10 12:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 12:06 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\YspService.exe" [2010-06-14 296248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"CLMLServer"="c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" [2008-12-24 103720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 135664]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50a64.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [x]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 27648]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 17:50]
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-23 17:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:59778
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Amanda\AppData\Roaming\Mozilla\Firefox\Profiles\9oxvab5v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/\r
FF - prefs.js: network.proxy.http_port - 59778
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
------- File Associations -------
.
exefile="c:\windows\SysWOW64\config\systemprofile\AppData\Local\hcq.exe" -a "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{009A6416-669F-4147-8F1B-176A85CCE46a} - c:\windows\SysWow64\atiumdva32.dll
BHO-{010DBB78-2FED-4AED-A7E8-DC083989F51f} - c:\windows\SysWow64\atiumdva32.dll
BHO-{015113EC-A4E0-4FB1-9CE1-2140252DABE2} - c:\windows\SysWow64\atiumdva32.dll
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKCU-Run-msnmsgr - c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe
Wow6432Node-HKCU-Run-e466e1645b951d29a0bcbe4576d3713d - c:\users\Amanda\DOWNLO~1\RI1FB0~1.EXE
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Gateway Photo Frame - c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe
SharedTaskScheduler-{705FB965-7459-4644-BF5E-12152519A1D8} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Gateway Game Console - c:\program files (x86)\Gateway Games\Gateway Game Console\Uninstall.exe
AddRemove-MAGIX Speed 2 UK - c:\program files (x86)\MAGIX\Speed2_burnR_mxcdr\unwise.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-WT046831 - c:\program files (x86)\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT046838 - c:\program files (x86)\Gateway Games\Build-a-lot 2\Uninstall.exe
AddRemove-WT046859 - c:\program files (x86)\Gateway Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT046882 - c:\program files (x86)\Gateway Games\Dream Chronicles 2\Uninstall.exe
AddRemove-WT046884 - c:\program files (x86)\Gateway Games\FATE\Uninstall.exe
AddRemove-WT046904 - c:\program files (x86)\Gateway Games\Polar Bowler\Uninstall.exe
AddRemove-WT046906 - c:\program files (x86)\Gateway Games\Polar Golfer\Uninstall.exe
AddRemove-WT046908 - c:\program files (x86)\Gateway Games\Polar Pool\Uninstall.exe
AddRemove-WT046910 - c:\program files (x86)\Gateway Games\The Price is Right\Uninstall.exe
AddRemove-WT046928 - c:\program files (x86)\Gateway Games\Virtual Villagers - A New Home\Uninstall.exe
AddRemove-WT070562 - c:\program files (x86)\Gateway Games\Success Story\Uninstall.exe
AddRemove-WT071801 - c:\program files (x86)\Gateway Games\Zoo Vet\Uninstall.exe
AddRemove-WT072374 - c:\program files (x86)\Gateway Games\Burger Island\Uninstall.exe
AddRemove-WT072473 - c:\program files (x86)\Gateway Games\Chocolatier - Decadence by Design\Uninstall.exe
AddRemove-WT072477 - c:\program files (x86)\Gateway Games\Ciao Bella\Uninstall.exe
AddRemove-WT072769 - c:\program files (x86)\Gateway Games\Dress Shop Hop\Uninstall.exe
AddRemove-WT072823 - c:\program files (x86)\Gateway Games\Family Feud Hollywood Edition\Uninstall.exe
AddRemove-WT072848 - c:\program files (x86)\Gateway Games\Feeding Frenzy 2\Uninstall.exe
AddRemove-WT072867 - c:\program files (x86)\Gateway Games\FishCo\Uninstall.exe
AddRemove-WT072885 - c:\program files (x86)\Gateway Games\Fish Tycoon\Uninstall.exe
AddRemove-WT073317 - c:\program files (x86)\Gateway Games\Lemonade Tycoon 2\Uninstall.exe
AddRemove-WT074007 - c:\program files (x86)\Gateway Games\Stand O' Food\Uninstall.exe
AddRemove-WT074201 - c:\program files (x86)\Gateway Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe
AddRemove-WT074261 - c:\program files (x86)\Gateway Games\Westward\Uninstall.exe
AddRemove-WT074344 - c:\program files (x86)\Gateway Games\Winemaker Extraordinaire\Uninstall.exe
AddRemove-WT075246 - c:\program files (x86)\Gateway Games\Jane's Zoo\Uninstall.exe
AddRemove-WT076382 - c:\program files (x86)\Gateway Games\3 Days - Zoo Mystery\Uninstall.exe
AddRemove-WT078827 - c:\program files (x86)\Gateway Games\Nanny 911\Uninstall.exe
AddRemove-WT079516 - c:\program files (x86)\Gateway Games\Deer Drive\Uninstall.exe
AddRemove-WT079573 - c:\program files (x86)\Gateway Games\MONOPOLY Build-a-lot Edition\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{015113EC-A4E0-4FB1-9CE1-2140252DABE2}"=hex:51,66,7a,6c,4c,1d,38,12,82,10,42,
05,d2,ea,df,0a,e3,f7,62,00,20,73,ef,f6
"{014D2F73-E2A5-44F6-BD45-F0A791DE42A7}"=hex:51,66,7a,6c,4c,1d,38,12,1d,2c,5e,
05,97,ac,98,01,c2,53,b3,e7,94,80,06,b3
"{010DBB78-2FED-4AED-A7E8-DC083989F51F}"=hex:51,66,7a,6c,4c,1d,38,12,16,b8,1e,
05,df,61,83,0f,d8,fe,9f,48,3c,d7,b1,0b
"{009A6416-669F-4147-8F1B-176A85CCE46A}"=hex:51,66,7a,6c,4c,1d,38,12,78,67,89,
04,ad,28,29,04,f0,0d,54,2a,80,92,a0,7e
.
[HKEY_USERS\S-1-5-21-2819834726-533737158-1913216436-1000\Software\SecuROM\License information*]
"datasecu"=hex:71,1d,81,de,fe,f4,50,82,c4,5b,8b,93,a1,93,1a,f8,e9,47,58,e8,a3,
0f,6b,38,5c,d0,bf,13,43,71,55,72,c3,27,da,64,dd,d6,91,51,db,17,59,57,a7,a1,\
"rkeysecu"=hex:6d,fd,d5,a6,54,58,d5,b1,55,2c,10,1a,0b,7c,0c,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\mfc7132.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programdata\atiumdva32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
c:\windows\CNYHKey.exe
c:\windows\ModLedKey.exe
.
**************************************************************************
.
Completion time: 2011-07-06 17:50:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-06 21:50
.
Pre-Run: 397,411,774,464 bytes free
Post-Run: 400,064,819,200 bytes free
.
- - End Of File - - D882E408958C4C8116865FFB322E91B6


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:53:05 PM, on 7/6/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\ModLedKey.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0609&m=dx4300
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59778
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTNavAssist.dll
O2 - BHO: (no name) - {009A6416-669F-4147-8F1B-176A85CCE46a} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O2 - BHO: (no name) - {010DBB78-2FED-4AED-A7E8-DC083989F51f} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O2 - BHO: (no name) - {015113EC-A4E0-4FB1-9CE1-2140252DABE2} - C:\Windows\SysWow64\atiumdva32.dll (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: HopalustRdp - {705FB965-7459-4644-BF5E-12152519A1D8} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Function Discovery Resource Publication (FDResPub32) - Unknown owner - c:\windows\system32\mfc7132.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - c:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 12258 bytes
 