
Author Topic: virus but viral removal tools cant seem to find it  (Read 19280 times)


bchirpy (Topic Starter, Rookie)

    • Experience: Beginner
    • OS: Unknown
    virus but viral removal tools cant seem to find it
    « on: November 14, 2011, 10:03:43 AM »
    Please assist me as I think I have a virus - it's deleting mail in twos and closing tabs in twos, also affecting iTunes and Windows Media Player, which are not closing/turning off when clicking on close/stop.
    I've run MBAM and SUPERAntiSpyware, both find nothing - Dr.Web - still running but so far nothing; HijackThis won't save to Notepad, not sure if it ends abruptly; CCleaner has run; have DDS files and will post next - updated Java - but JavaRa had a problem.

    bchirpy (Topic Starter, Rookie)

      • Experience: Beginner
      • OS: Unknown
      Re: virus but viral removal tools cant seem to find it
      « Reply #1 on: November 14, 2011, 10:05:37 AM »
      .
      DDS (Ver_2011-08-26.01) - NTFSAMD64
      Internet Explorer: 9.0.8112.16421
      Run by debbie at 16:36:52 on 2011-11-14
      Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4080.1703 [GMT 0:00]
      .
      AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
      AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
      SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
      SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
      .
      ============== Running Processes ===============
      .
      C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
      C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\system32\WLANExt.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
      C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
      C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
      C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
      C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
      C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
      C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
      C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
      C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
      C:\Program Files\Acer\Acer Updater\UpdaterService.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
      C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
      C:\Windows\system32\WUDFHost.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
      C:\Program Files (x86)\Consumer Input\dca-ua.exe
      C:\Program Files (x86)\BitTorrent\BitTorrent.exe
      C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
      C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
      C:\Program Files (x86)\HP Button Manager\BM.exe
      C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
      C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
      C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
      C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUI.exe
      C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
      C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
      C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
      C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
      C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      C:\Program Files (x86)\iTunes\iTunesHelper.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Windows\system32\DllHost.exe
      C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
      C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
      C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
      C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
      C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
      C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
      C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
      C:\Windows\system32\conhost.exe
      C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
      C:\Windows\system32\conhost.exe
      C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
      C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
      C:\Users\debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EGKU7VGI\a322r97g.exe
      C:\Users\debbie\AppData\Local\Temp\E5B603AF-169516C9-307B3415-4F8D56AA\a1613e.exe
      C:\Users\debbie\AppData\Local\Temp\E5B603AF-169516C9-307B3415-4F8D56AA\68594_xp.exe
      C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
      C:\Windows\system32\taskhost.exe
      C:\Program Files\Microsoft Security Client\msseces.exe
      C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
      C:\Windows\system32\msiexec.exe
      C:\Program Files\CCleaner\CCleaner64.exe
      C:\Program Files\CCleaner\CCleaner64.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\SysWOW64\cscript.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.hotukdeals.com/
      uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3400&r=173607116806pe485v145w46l1v473
      mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3400&r=173607116806pe485v145w46l1v473
      mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3400&r=173607116806pe485v145w46l1v473
      uInternet Settings,ProxyOverride = *.local
      uURLSearchHooks: H - No File
      uURLSearchHooks: H - No File
      mWinlogon: Userinit=userinit.exe
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
      BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
      BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
      BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Consumer Input\dca-bho.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
      TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
      TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      uRun: [EPSON SX510W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_SA2.tmp" /EF "HKCU"
      uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
      uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
      uRun: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe
      uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
      uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      uRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
      uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
      mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
      mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
      mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
      mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
      mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
      mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
      mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
      mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
      mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
      mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
      mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
      mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
      mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPBUTT~1.LNK - C:\Program Files (x86)\HP Button Manager\BM.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PalTalk.lnk - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
      mPolicies-explorer: NoActiveDesktop = 1 (0x1)
      mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
      mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
      mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
      mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
      IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
      IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      IE: Free YouTube Download - C:\Users\debbie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
      IE: Free YouTube to MP3 Converter - C:\Users\debbie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
      IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
      IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
      DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
      DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
      DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
      DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
      TCP: DhcpNameServer = 192.168.0.1
      TCP: Interfaces\{1DE661A7-CBD7-411B-A619-99EF7096102E} : DhcpNameServer = 192.168.0.1
      TCP: Interfaces\{D0E8DAD0-D467-482D-B0C2-EC67DDC98745} : DhcpNameServer = 192.168.0.1
      TCP: Interfaces\{D0E8DAD0-D467-482D-B0C2-EC67DDC98745}\3596475636F6D6534313346373 : DhcpNameServer = 192.168.0.1
      TCP: Interfaces\{D0E8DAD0-D467-482D-B0C2-EC67DDC98745}\E45647765616270223 : DhcpNameServer = 192.168.0.1
      Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO-X64:     AcroIEHelperStub - No File
      BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
      BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File
      C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
      BHO-X64:     RoboForm BHO - No File
      BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
      BHO-X64:     ZoneAlarm Security Engine Registrar - No File
      BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\dca-bho.dll
      BHO-X64:     DCA - No File
      BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
      TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
      TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
      mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
      mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
      mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
      mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
      mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
      mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
      mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
      mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
      mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
      mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
      mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
      mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun-x64: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
      mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
      mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      IE-X64: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
      IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
      R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
      R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
      R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot64.sys --> C:\Windows\system32\drivers\pavboot64.sys [?]
      R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
      R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
      R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
      R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
      R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
      R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
      R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
      R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
      R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
      R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
      R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935};Power Control [2010/06/23 23:37:12];C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [2010-4-15 146928]
      R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/07/23 18:48:48];C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [2009-9-1 146928]
      R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
      R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
      R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
      R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
      R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
      R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
      R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
      R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
      R3 optousb;OPTO ELECTRONICS optousb;C:\Windows\system32\DRIVERS\optousb.sys --> C:\Windows\system32\DRIVERS\optousb.sys [?]
      R3 optovcm;OPTO ELECTRONICS optovcm;C:\Windows\system32\DRIVERS\optovcm.sys --> C:\Windows\system32\DRIVERS\optovcm.sys [?]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
      R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
      R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
      R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
      R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
      R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
      R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
      RUnknown DwProt;DwProt;
      S3 arusb_win7x;Service For TP-LINK Wireless N Adapter;C:\Windows\system32\DRIVERS\arusb_win7x.sys --> C:\Windows\system32\DRIVERS\arusb_win7x.sys [?]
      S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
      .
      =============== Created Last 30 ================
      .
      2011-11-14 16:28:51   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
      2011-11-14 15:41:10   388096   ----a-r-   C:\Users\debbie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
      2011-11-14 15:41:09   --------   d-----w-   C:\Program Files (x86)\Trend Micro
      2011-11-14 13:58:04   69000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{307F7D92-3E3C-4B10-A455-FDC366F547C4}\offreg.dll
      2011-11-14 13:58:03   8570192   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{307F7D92-3E3C-4B10-A455-FDC366F547C4}\mpengine.dll
      2011-11-14 13:11:57   917840   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7845E7E-B698-4FC8-9C97-AC5D378A5456}\gapaengine.dll
      2011-11-14 11:17:55   --------   d-----w-   C:\Program Files (x86)\Microsoft Security Client
      2011-11-14 11:17:01   --------   d-----w-   C:\Program Files\Microsoft Security Client
      2011-11-14 10:03:37   --------   d-----w-   C:\Users\debbie\AppData\Local\{BC759C66-62EC-4828-B88D-5E51E28C2003}
      2011-11-14 10:03:27   --------   d-----w-   C:\Users\debbie\AppData\Local\{A4934B08-F1C9-4890-A1A3-E9EEA05AB8F9}
      2011-11-13 22:03:02   --------   d-----w-   C:\Users\debbie\AppData\Local\{CAB90685-3E29-47D8-99F4-15A27AC0F802}
      2011-11-13 22:02:51   --------   d-----w-   C:\Users\debbie\AppData\Local\{D9B06C1A-4034-47F1-8C49-AFACFDDF9D8B}
      2011-11-13 22:02:40   --------   d-----w-   C:\Users\debbie\AppData\Local\{2135084C-FF37-4787-AE4A-C12F112865B3}
      2011-11-13 10:02:17   --------   d-----w-   C:\Users\debbie\AppData\Local\{0ADFA177-B1C1-4727-86A4-C437F6B76A39}
      2011-11-13 10:02:06   --------   d-----w-   C:\Users\debbie\AppData\Local\{A866AD3D-D4BD-4C50-85AA-7BA4DBA22EDE}
      2011-11-13 10:01:55   --------   d-----w-   C:\Users\debbie\AppData\Local\{DA0C0867-0971-4236-8BAC-91D7682AE2D1}
      2011-11-13 10:01:44   --------   d-----w-   C:\Users\debbie\AppData\Local\{D8D29A8E-3A1B-4098-BCB5-B2906C8E472E}
      2011-11-13 09:51:53   --------   d-----w-   C:\Windows\Internet Logs
      2011-11-12 22:01:19   --------   d-----w-   C:\Users\debbie\AppData\Local\{0012A43F-E73F-4B62-91A1-573E41EA32BD}
      2011-11-12 22:01:07   --------   d-----w-   C:\Users\debbie\AppData\Local\{619BAEAB-E7D1-4BF2-99F6-4EA092CC6C6C}
      2011-11-12 21:18:17   --------   d-----w-   C:\Users\debbie\AppData\Local\{56D6A48F-E783-442A-841E-CFA93A02E210}
      2011-11-12 09:18:04   --------   d-----w-   C:\Users\debbie\AppData\Local\{D34DD43C-37C3-4CB1-BC9A-063CF4E707A1}
      2011-11-12 09:17:54   --------   d-----w-   C:\Users\debbie\AppData\Local\{282CA071-315D-4050-8E24-4EB4B423C162}
      2011-11-12 09:17:43   --------   d-----w-   C:\Program Files (x86)\CheckPoint
      2011-11-12 09:17:32   --------   d-----w-   C:\Users\debbie\AppData\Local\{43582B0A-2849-41BF-ACD0-E9831A9139EF}
      2011-11-11 21:17:19   --------   d-----w-   C:\Users\debbie\AppData\Local\{32F53044-B00A-40C6-BF42-EB5F8C9CE434}
      2011-11-11 21:17:08   --------   d-----w-   C:\Users\debbie\AppData\Local\{7C0159AF-6502-4091-9C52-25A7884DEE08}
      2011-11-11 21:16:57   --------   d-----w-   C:\Users\debbie\AppData\Local\{DC507951-AA92-46C4-8722-3E0CDAFCA001}
      2011-11-11 09:17:44   --------   d-----w-   C:\Users\debbie\AppData\Local\Sanford,_L.P
      2011-11-11 09:16:38   --------   d-----w-   C:\Users\debbie\AppData\Local\DYMO
      2011-11-11 09:16:32   --------   d-----w-   C:\Users\debbie\AppData\Local\{A2C74583-244B-4659-A72A-FE80053AA5AE}
      2011-11-11 09:16:21   --------   d-----w-   C:\Users\debbie\AppData\Local\{43FBB91E-8A39-49CA-94B2-A7F1791C432A}
      2011-11-11 09:16:11   --------   d-----w-   C:\Users\debbie\AppData\Local\{E5505424-BDD2-4A0C-A95D-2E85850BE26B}
      2011-11-11 09:15:59   --------   d-----w-   C:\Users\debbie\AppData\Local\{2EEC7660-E17E-4AE8-8699-917A44E99349}
      2011-11-11 09:06:30   --------   d-----w-   C:\Program Files (x86)\DYMO
      2011-11-11 09:06:28   --------   d-----w-   C:\ProgramData\DYMO
      2011-11-10 21:15:34   --------   d-----w-   C:\Users\debbie\AppData\Local\{038BF94B-1C1E-4DEF-8338-FAC64AF0D9BD}
      2011-11-10 21:15:24   --------   d-----w-   C:\Users\debbie\AppData\Local\{2E2C6693-3947-4AC0-8416-0522141EE8CB}
      2011-11-10 09:14:59   --------   d-----w-   C:\Users\debbie\AppData\Local\{8E34B4ED-3E6B-4902-97A3-823023E41F5B}
      2011-11-10 09:14:46   --------   d-----w-   C:\Users\debbie\AppData\Local\{FD46DDC7-67C4-4B4C-913E-1638168BE07D}
      2011-11-09 21:04:00   --------   d-----w-   C:\Users\debbie\AppData\Local\{79B35D4C-1DB1-439F-AC9A-57B60C655F66}
      2011-11-09 21:03:48   --------   d-----w-   C:\Users\debbie\AppData\Local\{779CBBCA-2D63-4DB1-95F3-1BDED02E38E9}
      2011-11-09 09:03:23   --------   d-----w-   C:\Users\debbie\AppData\Local\{FA3642A1-7FE5-40F7-AC48-028E97C2FEA8}
      2011-11-09 09:03:12   --------   d-----w-   C:\Users\debbie\AppData\Local\{449F6F9E-9DA8-4117-BD54-C4693437F82D}
      2011-11-09 09:02:49   --------   d-----w-   C:\Users\debbie\AppData\Local\{FE5EC346-7884-40B7-AD4E-FFFE59BF9805}
      2011-11-09 08:59:44   886784   ----a-w-   C:\Program Files\Common Files\System\wab32.dll
      2011-11-09 08:59:44   708608   ----a-w-   C:\Program Files (x86)\Common Files\System\wab32.dll
      2011-11-09 08:59:43   1923952   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
      2011-11-09 08:59:42   3144704   ----a-w-   C:\Windows\System32\win32k.sys
      2011-11-08 21:02:37   --------   d-----w-   C:\Users\debbie\AppData\Local\{88EAB128-AB34-40F6-B17C-CEBC42EC8646}
      2011-11-08 21:02:26   --------   d-----w-   C:\Users\debbie\AppData\Local\{9E4996E2-CD77-4BDA-BA14-58AF64864879}
      2011-11-08 09:02:01   --------   d-----w-   C:\Users\debbie\AppData\Local\{24BE27F3-554D-4FF8-A795-274D4EFCB612}
      2011-11-08 09:01:51   --------   d-----w-   C:\Users\debbie\AppData\Local\{47999781-7EC5-4CE4-8C1F-10B3FB79D12B}
      2011-11-08 09:01:29   --------   d-----w-   C:\Users\debbie\AppData\Local\{48936F55-BB75-46C7-BA55-F5C7E09B7A20}
      2011-11-07 21:01:12   --------   d-----w-   C:\Users\debbie\AppData\Local\{9296972D-58F7-40FD-8584-329DE974A5E9}
      2011-11-07 21:01:01   --------   d-----w-   C:\Users\debbie\AppData\Local\{3B8677C7-F9E7-4203-8C9A-00F90D02C54C}
      2011-11-07 09:00:35   --------   d-----w-   C:\Users\debbie\AppData\Local\{34FE005D-CC0B-4170-AC8C-1086136946FE}
      2011-11-06 21:00:11   --------   d-----w-   C:\Users\debbie\AppData\Local\{F2B9C7A7-8554-45BD-A2A1-15B1270A9E74}
      2011-11-06 09:03:39   --------   d-----w-   C:\Users\debbie\AppData\Local\{EFB7418E-F8C2-4978-A74F-A29AF34665B0}
      2011-11-05 21:03:27   --------   d-----w-   C:\Users\debbie\AppData\Local\{5CA5311D-A884-4B18-BD49-358557FDD649}
      2011-11-05 21:03:16   --------   d-----w-   C:\Users\debbie\AppData\Local\{CCD58C8A-DE75-4204-8C6A-CDA48D0BCCE1}
      2011-11-05 21:02:55   --------   d-----w-   C:\Users\debbie\AppData\Local\{791DD459-BFBD-4074-A0AE-8266C0404DBA}
      2011-11-05 09:02:42   --------   d-----w-   C:\Users\debbie\AppData\Local\{4ECEE8B8-B02A-4422-B8A0-51190B16057D}
      2011-11-05 09:02:32   --------   d-----w-   C:\Users\debbie\AppData\Local\{0E78E001-BB84-4033-9C97-EACA114E099D}
      2011-11-05 09:02:10   --------   d-----w-   C:\Users\debbie\AppData\Local\{D817A9DB-1F73-431E-89F5-4C8AF73E02BC}
      2011-11-04 21:01:53   --------   d-----w-   C:\Users\debbie\AppData\Local\{0E3D0920-290B-4BA2-A114-7CD6BCFAF28B}
      2011-11-04 21:01:42   --------   d-----w-   C:\Users\debbie\AppData\Local\{1E9926AC-1089-4DBA-B37E-7E3E233728FF}
      2011-11-04 09:01:19   --------   d-----w-   C:\Users\debbie\AppData\Local\{8559920D-47EB-4866-BDF6-9457B8E14F6C}
      2011-11-04 09:01:08   --------   d-----w-   C:\Users\debbie\AppData\Local\{649AB61A-8F5D-45A9-ADBC-AE6512442DB9}
      2011-11-04 09:00:47   --------   d-----w-   C:\Users\debbie\AppData\Local\{2C6BE58D-A510-4AAD-8786-DDE2587A18F9}
      2011-11-03 21:00:35   --------   d-----w-   C:\Users\debbie\AppData\Local\{C52CDA4C-860A-4DE7-8A8F-98BC4F7F455F}
      2011-11-03 21:00:24   --------   d-----w-   C:\Users\debbie\AppData\Local\{29043106-8D73-4FE6-90DB-94C5FB98090B}
      2011-11-03 21:00:13   --------   d-----w-   C:\Users\debbie\AppData\Local\{D34353ED-E1CF-4C5B-A230-B512A551518C}
      2011-11-03 21:00:02   --------   d-----w-   C:\Users\debbie\AppData\Local\{EB2E56EB-90BE-463A-BE88-D6C81E35CDFE}
      2011-11-03 08:59:35   --------   d-----w-   C:\Users\debbie\AppData\Local\{68774FF2-0388-40A4-A0ED-9EAE24A9FB2F}
      2011-11-03 08:59:23   --------   d-----w-   C:\Users\debbie\AppData\Local\{C27BA0A2-43FB-49FF-B9FF-314E711ADDD0}
      2011-11-02 20:58:58   --------   d-----w-   C:\Users\debbie\AppData\Local\{A9EABDD7-B47F-4FEC-97AA-E48EACAF3715}
      2011-11-02 20:58:47   --------   d-----w-   C:\Users\debbie\AppData\Local\{B87A1FB7-FEEF-40A1-A328-F1B59EED3727}
      2011-11-02 20:58:36   --------   d-----w-   C:\Users\debbie\AppData\Local\{4E9DBCB1-52B1-45B7-ADE3-6BEA3513B15E}
      2011-11-02 08:58:11   --------   d-----w-   C:\Users\debbie\AppData\Local\{09FCBEE5-1D30-4F8D-B438-0ED49A085E68}
      2011-11-02 08:58:00   --------   d-----w-   C:\Users\debbie\AppData\Local\{C8FD500B-2A14-4F66-83BA-76A1B73A4D37}
      2011-11-02 08:57:37   --------   d-----w-   C:\Users\debbie\AppData\Local\{85FEA4DB-EC69-4B5F-8695-767B22D6C236}
      2011-11-01 20:57:25   --------   d-----w-   C:\Users\debbie\AppData\Local\{AB4404EB-DBF1-4EF3-BD50-F8A1B556DAF7}
      2011-11-01 20:57:14   --------   d-----w-   C:\Users\debbie\AppData\Local\{68E0E89E-53D7-47BB-898B-9F4F9FCD9C4E}
      2011-11-01 20:57:03   --------   d-----w-   C:\Users\debbie\AppData\Local\{E994C665-06D1-41F7-A967-260806C5D41D}
      2011-11-01 08:56:39   --------   d-----w-   C:\Users\debbie\AppData\Local\{F8D0EED7-408D-4280-BA84-F1A1FC1C4CD0}
      2011-11-01 08:56:29   --------   d-----w-   C:\Users\debbie\AppData\Local\{EA5BAF11-27DC-44C0-A0C4-6BA8724DF7F8}
      2011-11-01 08:56:07   --------   d-----w-   C:\Users\debbie\AppData\Local\{721EFE93-7BD4-447A-952B-2F2DA4E79010}
      2011-10-31 20:55:54   --------   d-----w-   C:\Users\debbie\AppData\Local\{3E1D0D58-5D96-42FF-BA30-DF0794215049}
      2011-10-31 20:55:43   --------   d-----w-   C:\Users\debbie\AppData\Local\{86BF1D8F-49E9-438B-97D8-C2360BE7442D}
      2011-10-31 20:55:21   --------   d-----w-   C:\Users\debbie\AppData\Local\{F987B663-50F2-4EA0-9667-3343061DA416}
      2011-10-31 08:55:08   --------   d-----w-   C:\Users\debbie\AppData\Local\{E310592E-BF83-472C-A7AF-A102E5D5F0B8}
      2011-10-31 08:54:58   --------   d-----w-   C:\Users\debbie\AppData\Local\{4DA7BDEC-8DA4-4DA8-BDE0-51578BB80D47}
      2011-10-31 08:54:47   --------   d-----w-   C:\Users\debbie\AppData\Local\{9AEAAA10-8A12-4779-8846-165BBCD54443}
      2011-10-30 20:54:24   --------   d-----w-   C:\Users\debbie\AppData\Local\{949B2B4D-318C-4DCA-89F6-51C18722C440}
      2011-10-30 20:54:13   --------   d-----w-   C:\Users\debbie\AppData\Local\{F230E499-5101-4AF6-B1E0-7A122B4B1ADA}
      2011-10-30 20:54:02   --------   d-----w-   C:\Users\debbie\AppData\Local\{19B09071-46BC-4159-8DEE-7CAC03F92BAF}
      2011-10-30 08:53:34   --------   d-----w-   C:\Users\debbie\AppData\Local\{17EB8ED5-D946-473E-B914-832074D71BAC}
      2011-10-30 08:53:23   --------   d-----w-   C:\Users\debbie\AppData\Local\{A29EA914-41CE-4C94-9E74-B9157C67216F}
      2011-10-30 08:52:49   --------   d-----w-   C:\Users\debbie\AppData\Local\{81B38CE9-C8AF-4E57-8A81-4F3D6A3F1DDE}
      2011-10-29 20:52:37   --------   d-----w-   C:\Users\debbie\AppData\Local\{38520545-7EE1-444F-8D1E-A41F7ED31090}
      2011-10-29 20:52:26   --------   d-----w-   C:\Users\debbie\AppData\Local\{1272C443-A7EE-4C7F-A605-5714E6AEF1C5}
      2011-10-29 20:52:15   --------   d-----w-   C:\Users\debbie\AppData\Local\{F4BAE64E-53FE-4533-830E-B1BD96B403DC}
      2011-10-29 08:51:52   --------   d-----w-   C:\Users\debbie\AppData\Local\{B5701254-D239-4BCF-AA8C-CE4F2C0C4E9B}
      2011-10-29 08:51:42   --------   d-----w-   C:\Users\debbie\AppData\Local\{0A93772F-978B-4DD4-B3A3-19B0B547D330}
      2011-10-29 08:51:31   --------   d-----w-   C:\Users\debbie\AppData\Local\{29A212FB-7E71-48B1-AC8A-768D86B5760F}
      2011-10-29 08:51:20   --------   d-----w-   C:\Users\debbie\AppData\Local\{5358B238-ABBF-490C-80F0-840E5F4CFD8E}
      2011-10-28 20:50:55   --------   d-----w-   C:\Users\debbie\AppData\Local\{6A08777B-693E-4558-B115-A4FFAB0DD288}
      2011-10-28 20:50:43   --------   d-----w-   C:\Users\debbie\AppData\Local\{02E6AE1D-855A-4EFD-B3C8-FCF141E29A81}
      2011-10-28 08:50:16   --------   d-----w-   C:\Users\debbie\AppData\Local\{84CAC7B6-2658-4742-B75E-F6A2CC6F3096}
      2011-10-28 08:50:05   --------   d-----w-   C:\Users\debbie\AppData\Local\{97ACC7B6-7329-4DF7-9748-8A5E377C6773}
      2011-10-27 20:49:52   --------   d-----w-   C:\Users\debbie\AppData\Local\{11E9270B-E06B-4DF6-B9FA-0884FE41EE6A}
      2011-10-27 20:49:41   --------   d-----w-   C:\Users\debbie\AppData\Local\{9CEA4D64-2404-4899-8C86-B3D48686DAA2}
      2011-10-27 08:49:26   --------   d-----w-   C:\Users\debbie\AppData\Local\{958E0352-6F52-4332-9C67-D0782EB64DE0}
      2011-10-27 08:48:59   --------   d-----w-   C:\Users\debbie\AppData\Local\{E4F9F9B1-8EC7-416A-AEEF-B44D90ED8F67}
      2011-10-26 20:48:46   --------   d-----w-   C:\Users\debbie\AppData\Local\{83A31975-3C97-4111-B00F-1EB7E679BFEB}
      2011-10-26 20:48:35   --------   d-----w-   C:\Users\debbie\AppData\Local\{35C7D979-CF55-4DBD-A79D-B8BE61FAA379}
      2011-10-26 08:48:22   --------   d-----w-   C:\Users\debbie\AppData\Local\{95F3300F-C12F-448F-A56C-38268D272F6B}
      2011-10-26 08:48:11   --------   d-----w-   C:\Users\debbie\AppData\Local\{A5A933A2-7C65-41DD-BF5E-23B2C9D5390C}
      2011-10-25 20:47:58   --------   d-----w-   C:\Users\debbie\AppData\Local\{7DA0E8FA-D1EC-4362-8C38-497A17F1B85F}
      2011-10-25 20:47:45   --------   d-----w-   C:\Users\debbie\AppData\Local\{E17290FD-FFFA-4A61-8C96-4CE2252D8F0D}
      2011-10-25 08:47:33   --------   d-----w-   C:\Users\debbie\AppData\Local\{1A2A8787-A493-4FD7-8A5F-875DD239F151}
      2011-10-25 08:47:22   --------   d-----w-   C:\Users\debbie\AppData\Local\{B8BE6DFC-91E2-45FD-83E6-F6C435A06244}
      2011-10-24 20:47:09   --------   d-----w-   C:\Users\debbie\AppData\Local\{00314AD0-2C99-4CDF-BA54-13B8BD54F029}
      2011-10-24 20:46:58   --------   d-----w-   C:\Users\debbie\AppData\Local\{C4D3FCD2-E324-4D17-8FBD-EBA9B32887CF}
      2011-10-24 08:46:46   --------   d-----w-   C:\Users\debbie\AppData\Local\{48FAEB43-A08F-4040-A68C-E94D5FAD25F4}
      2011-10-24 08:46:35   --------   d-----w-   C:\Users\debbie\AppData\Local\{83271D93-B859-40A2-952D-6ACCA557DF76}
      2011-10-23 20:46:22   --------   d-----w-   C:\Users\debbie\AppData\Local\{FDA6E745-D0C1-4C62-970A-28089D23D982}
      2011-10-23 20:46:11   --------   d-----w-   C:\Users\debbie\AppData\Local\{2DF798C0-805E-41AB-B707-2BA05C2A5AE3}
      2011-10-23 08:45:59   --------   d-----w-   C:\Users\debbie\AppData\Local\{B6977F4A-1183-4A85-9DFF-BFDFA2EB2607}
      2011-10-23 08:45:48   --------   d-----w-   C:\Users\debbie\AppData\Local\{0E2A3A3A-04BF-4404-9080-A5A5B7E0C8DB}
      2011-10-22 20:45:35   --------   d-----w-   C:\Users\debbie\AppData\Local\{D35C0449-C77E-4905-8224-AA4DFFAD74E1}
      2011-10-22 20:45:24   --------   d-----w-   C:\Users\debbie\AppData\Local\{600A0BEE-6C48-4299-8CEC-1196B65EB0A6}
      2011-10-22 08:45:12   --------   d-----w-   C:\Users\debbie\AppData\Local\{D051BB0B-9A23-4EB6-BB6B-C580DA0B244C}
      2011-10-22 08:45:01   --------   d-----w-   C:\Users\debbie\AppData\Local\{EFF624E6-2F16-4CCC-8730-82DF8B8CBFEC}
      2011-10-21 20:44:48   --------   d-----w-   C:\Users\debbie\AppData\Local\{593229EB-7AB7-4CED-9840-443A0E0C5795}
      2011-10-21 20:44:30   --------   d-----w-   C:\Users\debbie\AppData\Local\{B9B0F7E6-CC2B-42F5-9E3F-E64A424DDA19}
      2011-10-21 08:44:17   --------   d-----w-   C:\Users\debbie\AppData\Local\{4023FBC2-BD88-465A-B404-08F4CD938012}
      2011-10-21 08:44:06   --------   d-----w-   C:\Users\debbie\AppData\Local\{3B63B46E-F5D5-4563-A565-FF822AF971DF}
      2011-10-20 20:43:53   --------   d-----w-   C:\Users\debbie\AppData\Local\{7F552F98-5AE2-40A1-A6BB-CBBE324B5A69}
      2011-10-20 20:43:37   --------   d-----w-   C:\Users\debbie\AppData\Local\{60EBA5E1-15AB-4F5C-9855-7AA5BF95457E}
      2011-10-20 08:43:23   --------   d-----w-   C:\Users\debbie\AppData\Local\{277924B6-EFE8-4743-B995-D1EB5D1B75A7}
      2011-10-20 08:43:12   --------   d-----w-   C:\Users\debbie\AppData\Local\{72099ACB-DA3D-4E0D-93C8-D97CD75C81B8}
      2011-10-19 20:42:58   --------   d-----w-   C:\Users\debbie\AppData\Local\{F1F0657F-0E54-4D9F-8921-8464A57BBD6B}
      2011-10-19 20:42:47   --------   d-----w-   C:\Users\debbie\AppData\Local\{8AC059F5-B4EA-4DA5-BE58-1F8EA3A7E3B6}
      2011-10-19 08:42:33   --------   d-----w-   C:\Users\debbie\AppData\Local\{A2C7DA01-ABEF-483B-8D4B-C7EE4689826A}
      2011-10-19 08:42:21   --------   d-----w-   C:\Users\debbie\AppData\Local\{D0F2B3E3-1BB1-4094-A4C0-38987783A9F5}
      2011-10-18 20:42:09   --------   d-----w-   C:\Users\debbie\AppData\Local\{E9AD2A36-B2FC-431E-9D64-CAB39D06B646}
      2011-10-18 20:41:58   --------   d-----w-   C:\Users\debbie\AppData\Local\{16A31F84-11B2-4014-B28B-0A60ADA71BDB}
      2011-10-18 08:41:32   --------   d-----w-   C:\Users\debbie\AppData\Local\{7137B1F8-03F1-4F8A-A7A7-193990C46E00}
      2011-10-18 08:41:21   --------   d-----w-   C:\Users\debbie\AppData\Local\{FE6AB8AE-DA6B-4537-92F1-6A591F51361A}
      2011-10-17 20:40:55   --------   d-----w-   C:\Users\debbie\AppData\Local\{81D99340-D731-45EC-8876-E57CDA61D6C9}
      2011-10-17 20:40:44   --------   d-----w-   C:\Users\debbie\AppData\Local\{F251EE1D-8C7E-410A-9857-341C81EDD841}
      2011-10-17 08:40:30   --------   d-----w-   C:\Users\debbie\AppData\Local\{D4C9602D-557F-4E6A-9EA4-621AA235B1A0}
      2011-10-17 08:40:18   --------   d-----w-   C:\Users\debbie\AppData\Local\{70665518-A6A0-4575-9F96-8245E430DA0F}
      2011-10-16 20:40:05   --------   d-----w-   C:\Users\debbie\AppData\Local\{55ADDC2C-6F17-4DC7-9BA3-4F0F05764FD6}
      2011-10-16 20:39:54   --------   d-----w-   C:\Users\debbie\AppData\Local\{4FB560F4-BD4D-4F89-B17E-FCA9304E6C4C}
      2011-10-16 08:39:29   --------   d-----w-   C:\Users\debbie\AppData\Local\{47DAC8E2-137C-4226-9789-5A4CAE08D776}
      2011-10-16 08:39:17   --------   d-----w-   C:\Users\debbie\AppData\Local\{CA82AB58-9E83-4DD6-BA49-04FE53CE3ED1}
      2011-10-16 08:38:56   --------   d-----w-   C:\Users\debbie\AppData\Local\{E74D8A9D-CBCC-4A4E-8828-0D189CA6FAE7}
      2011-10-15 20:38:41   --------   d-----w-   C:\Users\debbie\AppData\Local\{BDB82630-ABA6-4422-85EF-479FFF29EBC8}
      2011-10-15 20:38:28   --------   d-----w-   C:\Users\debbie\AppData\Local\{FD7560CA-3682-4707-8758-3097CD3A8511}
      2011-10-15 20:38:14   --------   d-----w-   C:\Users\debbie\AppData\Local\{EA15CBAA-917A-4524-8869-422D2D242521}
      2011-10-15 20:37:57   --------   d-----w-   C:\Users\debbie\AppData\Local\{AC6CFDE0-9C61-4FBC-8595-7D1A39865BCE}
      2011-10-15 16:51:02   --------   d-----w-   C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
      .
      ==================== Find3M  ====================
      .
      2011-10-14 08:35:17   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2011-10-07 06:23:46   283728   ----a-w-   C:\Windows\System32\drivers\avgldx64.sys
      2011-09-13 15:27:50   0   ----a-w-   C:\Windows\SysWow64\ConduitEngine.tmp
      2011-09-13 05:30:08   37456   ----a-w-   C:\Windows\System32\drivers\avgrkx64.sys
      2011-09-01 05:24:07   2309120   ----a-w-   C:\Windows\System32\jscript9.dll
      2011-09-01 05:17:57   1389056   ----a-w-   C:\Windows\System32\wininet.dll
      2011-09-01 05:12:04   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
      2011-09-01 02:35:59   1798144   ----a-w-   C:\Windows\SysWow64\jscript9.dll
      2011-09-01 02:28:15   1126912   ----a-w-   C:\Windows\SysWow64\wininet.dll
      2011-09-01 02:22:54   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
      2011-08-31 16:00:50   25416   ----a-w-   C:\Windows\System32\drivers\mbam.sys
      2011-08-30 22:05:32   96104   ----a-w-   C:\Windows\System32\dns-sd.exe
      2011-08-30 22:05:32   85864   ----a-w-   C:\Windows\System32\dnssd.dll
      2011-08-30 22:05:32   61288   ----a-w-   C:\Windows\System32\jdns_sd.dll
      2011-08-30 22:05:32   212840   ----a-w-   C:\Windows\System32\dnssdX.dll
      2011-08-30 22:05:04   83816   ----a-w-   C:\Windows\SysWow64\dns-sd.exe
      2011-08-30 22:05:04   73064   ----a-w-   C:\Windows\SysWow64\dnssd.dll
      2011-08-30 22:05:04   50536   ----a-w-   C:\Windows\SysWow64\jdns_sd.dll
      2011-08-30 22:05:04   178536   ----a-w-   C:\Windows\SysWow64\dnssdX.dll
      2011-08-27 05:37:49   861696   ----a-w-   C:\Windows\System32\oleaut32.dll
      2011-08-27 05:37:48   331776   ----a-w-   C:\Windows\System32\oleacc.dll
      2011-08-27 04:26:27   571904   ----a-w-   C:\Windows\SysWow64\oleaut32.dll
      2011-08-27 04:26:27   233472   ----a-w-   C:\Windows\SysWow64\oleacc.dll
      2011-08-17 05:26:46   613888   ----a-w-   C:\Windows\System32\psisdecd.dll
      2011-08-17 05:25:08   108032   ----a-w-   C:\Windows\System32\psisrndr.ax
      2011-08-17 04:24:12   465408   ----a-w-   C:\Windows\SysWow64\psisdecd.dll
      2011-08-17 04:19:27   75776   ----a-w-   C:\Windows\SysWow64\psisrndr.ax
      .
      ============= FINISH: 16:38:11.90 ===============

      bchirpy

        Re: virus but viral removal tools cant seem to find it
        « Reply #2 on: November 14, 2011, 10:07:15 AM »
        .
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2011-08-26.01)
        .
        Microsoft Windows 7 Home Premium
        Boot Device: \Device\HarddiskVolume2
        Install Date: 07/07/2011 13:49:26
        System Uptime: 13/11/2011 09:44:43 (31 hours ago)
        .
        Motherboard: Acer |  | Aspire M3400
        Processor: AMD Phenom(tm) II X6 1035T Processor | CPU 1 | 2600/200mhz
        .
        ==== Disk Partitions =========================
        .
        C: is FIXED (NTFS) - 225 GiB total, 84.119 GiB free.
        D: is FIXED (NTFS) - 226 GiB total, 225.544 GiB free.
        E: is CDROM ()
        F: is Removable
        G: is Removable
        H: is Removable
        I: is Removable
        J: is Removable
        K: is Removable
        L: is FIXED (NTFS) - 932 GiB total, 842.966 GiB free.
        .
        ==== Disabled Device Manager Items =============
        .
        ==== System Restore Points ===================
        .
        RP67: 10/11/2011 03:00:14 - Windows Update
        RP68: 11/11/2011 03:00:12 - Windows Update
        RP69: 11/11/2011 08:39:46 - Windows Update
        RP70: 14/11/2011 14:26:50 - Windows Update
        RP71: 14/11/2011 15:39:36 - Installed HiJackThis
        RP72: 14/11/2011 16:27:17 - Installed Java(TM) 6 Update 29
        .
        ==== Installed Programs ======================
        .
        ABBYY FineReader 6.0 Sprint
        Acer Arcade Deluxe
        Acer Arcade Movie
        Acer eRecovery Management
        Acer GameZone Console
        Acer Registration
        Acer ScreenSaver
        Acer Updater
        Acrobat.com
        Adobe AIR
        Adobe Flash Player 11 ActiveX
        Adobe Reader X (10.1.1)
        Advertising Center
        Amazon MP3 Downloader 1.0.9
        Amazonia
        Apple Application Support
        Apple Software Update
        ArcSoft Magic-i Visual Effects 2
        ArcSoft WebCam Companion 3
        Bejeweled 2 Deluxe
        BitTorrent
        blinkbox Download Manager
        Cake Mania
        Chicken Invaders 2
        Consumer Input Software (remove only)
        Coupon Printer
        CyberLink PowerDVD 9
        D3DX10
        Dairy Dash
        Dream Day First Home
        DYMO Label v.8
        eBay Worldwide
        eMule
        Epson Easy Photo Print 2
        Epson Event Manager
        Epson Printer Software Downloader
        EPSON Scan
        Epson Stylus SX510W_TX550W Manual
        EpsonNet Print
        EpsonNet Setup
        eSobi v2
        Farm Frenzy 2
        File Type Assistant
        Final Media Player 2011
        Free Studio version 5.1.7
        Galapago
        Google Chrome
        Google Toolbar for Internet Explorer
        Google Update Helper
        Granny In Paradise
        Heroes of Hellas
        HiJackThis
        Hotkey Utility
        HP Button Manager
        HP Webcam User's Guide
        Identity Card
        ImagXpress
        Java Auto Updater
        Java(TM) 6 Update 29
        Junk Mail filter update
        Malwarebytes' Anti-Malware version 1.51.2.1300
        MediaShow Espresso
        Mesh Runtime
        Messenger Companion
        Microsoft Office 2010
        Microsoft Office Click-to-Run 2010
        Microsoft Office Starter 2010 - English
        Microsoft Silverlight
        Microsoft SQL Server 2005 Compact Edition [ENU]
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
        MSVCRT
        MSVCRT_amd64
        MSXML 4.0 SP2 (KB954430)
        MSXML 4.0 SP2 (KB973688)
        MyWinLocker
        MyWinLocker Suite
        Nero 9 Essentials
        Nero ControlCenter
        Nero DiscSpeed
        Nero DiscSpeed Help
        Nero DriveSpeed
        Nero DriveSpeed Help
        Nero Express Help
        Nero InfoTool
        Nero InfoTool Help
        Nero Installer
        Nero Online Upgrade
        Nero StartSmart
        Nero StartSmart Help
        Nero StartSmart OEM
        NeroExpress
        neroxml
        NVIDIA PhysX
        Paltalk Messenger
        Panda ActiveScan 2.0
        Peggle Nights
        QuickTime
        Realtek High Definition Audio Driver
        RoboForm 7-3-2 (All Users)
        Safari
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
        Shredder
        Spin & Win
        TP-LINK Wireless Client Utility
        Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
        Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
        VC 9.0 Runtime
        Visual Studio 2008 x64 Redistributables
        Welcome Center
        Windows Live Communications Platform
        Windows Live Essentials
        Windows Live Installer
        Windows Live Mail
        Windows Live Mesh
        Windows Live Mesh ActiveX Control for Remote Connections
        Windows Live Messenger
        Windows Live Messenger Companion Core
        Windows Live Movie Maker
        Windows Live Photo Common
        Windows Live Photo Gallery
        Windows Live PIMT Platform
        Windows Live SOXE
        Windows Live SOXE Definitions
        Windows Live Sync
        Windows Live UX Platform
        Windows Live UX Platform Language Pack
        Windows Live Writer
        Windows Live Writer Resources
        ZoneAlarm Firewall
        ZoneAlarm Free
        ZoneAlarm Security
        .
        ==== Event Viewer Messages From Past Week ========
        .
        14/11/2011 13:41:40, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        14/11/2011 13:41:40, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        14/11/2011 13:41:40, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        14/11/2011 13:41:40, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        14/11/2011 13:41:36, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Download     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
        14/11/2011 13:41:36, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Download     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
        14/11/2011 13:41:36, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Download     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
        14/11/2011 13:41:36, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Download     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
        14/11/2011 13:11:39, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        14/11/2011 13:11:39, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        14/11/2011 13:11:39, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        14/11/2011 13:11:39, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        13/11/2011 20:02:48, Error: Service Control Manager [7030]  - The Local System Utility service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
        13/11/2011 09:51:45, Error: Service Control Manager [7030]  - The TrueVector Internet Monitor service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
        08/11/2011 18:26:40, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user debbie-PC\debbie SID (S-1-5-21-2872453390-2521149967-1654224917-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
        08/11/2011 15:59:14, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk7\DR8.
        .
        ==== End Of File ===========================

        bchirpy

          Re: virus but viral removal tools cant seem to find it
          « Reply #3 on: November 14, 2011, 10:32:39 AM »
          Noted that I should post MBAM and SAS logs, so running again  :o

          bchirpy

            Re: virus but viral removal tools cant seem to find it
            « Reply #4 on: November 14, 2011, 11:24:41 AM »
            Malwarebytes' Anti-Malware 1.51.2.1300
            www.malwarebytes.org

            Database version: 8161

            Windows 6.1.7601 Service Pack 1
            Internet Explorer 9.0.8112.16421

            14/11/2011 18:21:23
            mbam-log-2011-11-14 (18-21-23).txt

            Scan type: Full scan (C:\|D:\|E:\|L:\|)
            Objects scanned: 350959
            Time elapsed: 1 hour(s), 9 minute(s), 59 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 0
            Registry Values Infected: 0
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 0

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            (No malicious items detected)

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            (No malicious items detected)

            bchirpy

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: virus but viral removal tools cant seem to find it
              « Reply #5 on: November 14, 2011, 11:41:40 AM »
              SUPERAntiSpyware Scan Log
              http://www.superantispyware.com

              Generated 11/14/2011 at 06:40 PM

              Application Version : 5.0.1136

              Core Rules Database Version : 7937
              Trace Rules Database Version: 5749

              Scan type       : Complete Scan
              Total Scan Time : 01:30:28

              Operating System Information
              Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
              UAC On - Limited User

              Memory items scanned      : 686
              Memory threats detected   : 0
              Registry items scanned    : 70968
              Registry threats detected : 0
              File items scanned        : 55470
              File threats detected     : 4

              Adware.Tracking Cookie
                 C:\USERS\DEBBIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\RZE1EKMI.txt [ Cookie:[email protected]/ ]
                 C:\USERS\DEBBIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\SF6YJL3Z.txt [ Cookie:[email protected]/ ]
                 C:\USERS\DEBBIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ROWUE38V.txt [ Cookie:[email protected]/ ]
                 C:\USERS\DEBBIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9AFW61S8.txt [ Cookie:[email protected]/ ]

              Linux711



                Mentor

                Thanked: 59
              • Experience: Experienced
              • OS: Windows 7
              Re: virus but viral removal tools cant seem to find it
              « Reply #6 on: November 14, 2011, 11:48:43 AM »
              Do you really expect someone to read all that? I would just disable all your startup items in msconfig (except for the ones obviously associated with your antivirus software).

              Mod Edit: Yes! that's why this forum is here. To remove malware, not just the symptoms of malware. Would you like to learn to fight malware?
              « Last Edit: November 16, 2011, 01:43:33 AM by evilfantasy »

              bchirpy

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: virus but viral removal tools cant seem to find it
                « Reply #7 on: November 14, 2011, 12:13:33 PM »
                 How do I do that? I didn't realise I had to disable startup items?

                bchirpy

                  Topic Starter


                  Rookie

                  • Experience: Beginner
                  • OS: Unknown
                  Re: virus but viral removal tools cant seem to find it
                  « Reply #8 on: November 14, 2011, 12:16:21 PM »
                   OK, have disabled most. Which log do I need to do again?

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 1020
                  • Experience: Expert
                  • OS: Windows 10
                  Re: virus but viral removal tools cant seem to find it
                  « Reply #9 on: November 14, 2011, 12:46:39 PM »
                  Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

                  1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
                  2. The fixes are specific to your problem and should only be used for this issue on this machine.
                  3. If you don't know or understand something, please don't hesitate to ask.
                  4. Please DO NOT run any other tools or scans while I am helping you.
                  5. It is important that you reply to this thread. Do not start a new topic.
                  6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
                  7. Absence of symptoms does not mean that everything is clear.

                  If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
                  *************************************************************************
                   The logs show that you're running two Anti-Virus programs: Microsoft Security Essentials and AVG Anti-Virus Free Edition 2012. One will have to be disabled. I would suggest removing AVG.

                   P2P - I see you have P2P software installed on your machine: BitTorrent. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

                  Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

                   I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
                  ******************************************************
                  Download OTL to your desktop.

                  * Open OTL
                  * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                   Code:
                  :OTL

                  uURLSearchHooks: H - No File
                  uURLSearchHooks: H - No File
                  BHO-X64:     AcroIEHelperStub - No File
                  BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File
                  BHO-X64:     RoboForm BHO - No File
                  BHO-X64:     ZoneAlarm Security Engine Registrar - No File
                  BHO-X64:     DCA - No File

                  :COMMANDS
                  [resethosts]
                  [purity]
                  [start explorer]

                  * Click Run Fix
                  * OTLI2 may ask to reboot the machine. Please do so if asked.
                  * Click OK
                  * A report will open. Copy and Paste that report in your next reply.
                  **************************************************************
                  Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                  link # 1
                  Link # 2
                  If you are using Firefox, make sure that your download settings are as follows:

                  * Tools->Options->Main tab
                  * Set to "Always ask me where to Save the files".

                  Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                  Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                  Right-click combofix.exe and select Run as Administrator and follow the prompts.
                  When finished, ComboFix will produce a log for you.
                   Post the ComboFix log in your next reply.

                  NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                  Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
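Neither the msconfig shortcut suggested in Reply #6 nor the OTL orphan clean-up above tells you which startup entries actually deserve attention. As an added example written for this thread (it is not OTL, ComboFix or Microsoft code, and it is not something SuperDave posted), the PowerShell script below enumerates the Run keys that msconfig's Startup tab reads together with Internet Explorer's Browser Helper Object and URLSearchHook registrations, resolves each entry to a file on disk, and reports the "No File" orphans that the OTL fix targets alongside binaries that are present but carry no valid Authenticode signature. It assumes an elevated 64-bit Windows PowerShell 3.0 or later (Windows 7 SP1 with WMF 3 or newer) and makes no changes to the system.

```powershell
# Added example for this thread; not OTL, ComboFix or Microsoft code. Assumes an
# elevated 64-bit Windows PowerShell 3.0 or later (Windows 7 SP1 with WMF 3+).
# Read-only: it enumerates autostart entries and reports; it deletes nothing.

# The Run keys msconfig's Startup tab reads, including the 32-bit view on x64.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# The Internet Explorer add-on locations the OTL fix above cleans (BHO-X64 / uURLSearchHooks).
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$hookKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks'
)
# Properties Get-ItemProperty adds to its output that are not registry values.
$psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Extract the executable from a Run command line such as
#   "c:\program files (x86)\iTunes\iTunesHelper.exe" -atboottime
# Unquoted commands are cut at the first .exe/.dll/.cpl/.scr token.
function Get-ExePathFromCommand {
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($c, '^(.+?\.(exe|dll|cpl|scr))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $c
}

# Resolve a COM CLSID to its InprocServer32 DLL across the 64-bit, WOW64 and per-user class views.
function Resolve-ClsidPath {
    param([string]$Clsid)
    $roots = 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID', 'HKCU:\Software\Classes\CLSID'
    foreach ($root in $roots) {
        $k = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $k) {
            $p = (Get-ItemProperty -LiteralPath $k).'(default)'
            if ($p) { return [Environment]::ExpandEnvironmentVariables(([string]$p).Trim('"')) }
        }
    }
    return $null
}

# Classify one entry as 'No File' (the orphan case), unsigned, or signed by whom.
function New-Finding {
    param([string]$Kind, [string]$Source, [string]$Name, [string]$Path)
    # Bare names such as rundll32.exe are resolved through PATH before the file test.
    if ($Path -and -not [IO.Path]::IsPathRooted($Path)) {
        $cmd = Get-Command $Path -CommandType Application -ErrorAction SilentlyContinue
        if ($cmd) { $Path = $cmd.Path }
    }
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) {
        $status = 'No File'
    } else {
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        $status = if ($sig.Status -eq 'Valid') { 'Signed: ' + $sig.SignerCertificate.Subject } else { 'Unsigned (' + $sig.Status + ')' }
    }
    [pscustomobject]@{ Kind = $Kind; Source = $Source; Name = $Name; Path = $Path; Status = $status }
}

function Get-AutostartFindings {
    $out = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($p in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
            if ($psNoise -contains $p.Name) { continue }
            $out += New-Finding -Kind 'Run' -Source $key -Name $p.Name -Path (Get-ExePathFromCommand ([string]$p.Value))
        }
    }
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $key) {
            $out += New-Finding -Kind 'BHO' -Source $key -Name $sub.PSChildName -Path (Resolve-ClsidPath $sub.PSChildName)
        }
    }
    foreach ($key in $hookKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($p in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
            if ($p.Name -notlike '{*}') { continue }   # value names here are CLSIDs
            $out += New-Finding -Kind 'URLSearchHook' -Source $key -Name $p.Name -Path (Resolve-ClsidPath $p.Name)
        }
    }
    return $out
}

# Orphans first, then unsigned binaries, then everything that checks out.
Get-AutostartFindings |
    Sort-Object { if ($_.Status -eq 'No File') { 0 } elseif ($_.Status -like 'Unsigned*') { 1 } else { 2 } } |
    Format-Table Kind, Name, Status, Path -AutoSize -Wrap
```

Run it before and after a fix. Entries reported as "No File" are the same dead references OTL lists as "- No File": there is no DLL or executable left to load, so clearing the registration removes clutter rather than a running threat. An entry that is present but unsigned, especially one living under AppData as the ComboFix deletions later in this thread do, is the kind of item to investigate rather than simply untick in msconfig.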

                  bchirpy

                    Topic Starter


                    Rookie

                    • Experience: Beginner
                    • OS: Unknown
                    Re: virus but viral removal tools cant seem to find it
                    « Reply #10 on: November 14, 2011, 01:04:52 PM »
                    ========== OTL ==========
                    ========== COMMANDS ==========
                    C:\Windows\System32\drivers\etc\Hosts moved successfully.
                    HOSTS file reset successfully
                     
                    OTL by OldTimer - Version 3.2.31.0 log created on 11142011_200432

                    bchirpy

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Unknown
                      Re: virus but viral removal tools cant seem to find it
                      « Reply #11 on: November 14, 2011, 01:49:16 PM »
                      Many thanks for your help, SuperDave. Here is the ComboFix report log.

                      ComboFix 11-11-14.02 - debbie 14/11/2011  20:26:48.1.6 - x64
                      Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4080.2681 [GMT 0:00]
                      Running from: c:\users\debbie\Desktop\ComboFix.exe
                      AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
                      FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
                      SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
                      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                      .
                      .
                      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      c:\programdata\FullRemove.exe
                      c:\users\debbie\AppData\Local\common_functions.dll
                      c:\users\debbie\AppData\Local\ie_runner_app.exe
                      c:\windows\Downloaded Program Files\popcaploader.inf
                      L:\Autorun.inf
                      .
                      .
                      (((((((((((((((((((((((((   Files Created from 2011-10-14 to 2011-11-14  )))))))))))))))))))))))))))))))
                      .
                      .
                      2011-11-14 20:33 . 2011-11-14 20:33   69000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{307F7D92-3E3C-4B10-A455-FDC366F547C4}\offreg.dll
                      2011-11-14 20:31 . 2011-11-14 20:31   --------   d-----w-   c:\users\Default\AppData\Local\temp
                      2011-11-14 20:07 . 2011-11-14 20:07   --------   d-----w-   c:\users\debbie\AppData\Roaming\AVG2012
                      2011-11-14 20:04 . 2011-11-14 20:04   --------   d-----w-   C:\_OTL
                      2011-11-14 16:29 . 2011-11-14 16:29   --------   d-----w-   c:\program files (x86)\Common Files\Java
                      2011-11-14 16:28 . 2011-11-14 16:28   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
                      2011-11-14 16:28 . 2011-11-14 16:28   --------   d-----w-   c:\program files (x86)\Java
                      2011-11-14 15:41 . 2011-11-14 15:41   388096   ----a-r-   c:\users\debbie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                      2011-11-14 15:41 . 2011-11-14 15:41   --------   d-----w-   c:\program files (x86)\Trend Micro
                      2011-11-14 13:58 . 2011-10-18 01:27   8570192   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{307F7D92-3E3C-4B10-A455-FDC366F547C4}\mpengine.dll
                      2011-11-14 13:11 . 2011-10-04 17:22   917840   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7845E7E-B698-4FC8-9C97-AC5D378A5456}\gapaengine.dll
                      2011-11-14 11:17 . 2011-11-14 11:17   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
                      2011-11-14 11:17 . 2011-11-14 11:18   --------   d-----w-   c:\program files\Microsoft Security Client
                      2011-11-13 09:51 . 2011-11-14 16:40   --------   d-----w-   c:\windows\Internet Logs
                      2011-11-12 09:17 . 2011-11-13 09:51   --------   d-----w-   c:\program files (x86)\CheckPoint
                      2011-11-11 09:17 . 2011-11-11 09:17   --------   d-----w-   c:\users\debbie\AppData\Local\Sanford,_L.P
                      2011-11-11 09:16 . 2011-11-11 09:17   --------   d-----w-   c:\users\debbie\AppData\Local\DYMO
                      2011-11-11 09:06 . 2011-11-11 09:06   --------   d-----w-   c:\program files (x86)\DYMO
                      2011-11-11 09:06 . 2011-11-11 09:06   --------   d-----w-   c:\programdata\DYMO
                      2011-11-09 08:59 . 2011-10-01 05:45   886784   ----a-w-   c:\program files\Common Files\System\wab32.dll
                      2011-11-09 08:59 . 2011-10-01 04:37   708608   ----a-w-   c:\program files (x86)\Common Files\System\wab32.dll
                      2011-11-09 08:59 . 2011-09-29 16:29   1923952   ----a-w-   c:\windows\system32\drivers\tcpip.sys
                      2011-11-09 08:59 . 2011-09-29 04:03   3144704   ----a-w-   c:\windows\system32\win32k.sys
                      2011-10-21 23:46 . 2011-10-21 23:46   --------   d-----w-   c:\windows\system32\Macromed
                      .
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2011-11-14 18:46 . 2011-07-08 02:26   159080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
                      2011-10-14 08:35 . 2011-07-17 15:31   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                      2011-09-13 15:27 . 2011-09-13 15:27   0   ----a-w-   c:\windows\SysWow64\ConduitEngine.tmp
                      2011-09-01 05:24 . 2011-10-14 02:00   2309120   ----a-w-   c:\windows\system32\jscript9.dll
                      2011-09-01 05:17 . 2011-10-14 02:00   1389056   ----a-w-   c:\windows\system32\wininet.dll
                      2011-09-01 05:12 . 2011-10-14 02:01   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
                      2011-09-01 02:35 . 2011-10-14 02:00   1798144   ----a-w-   c:\windows\SysWow64\jscript9.dll
                      2011-09-01 02:28 . 2011-10-14 02:01   1126912   ----a-w-   c:\windows\SysWow64\wininet.dll
                      2011-09-01 02:22 . 2011-10-14 02:01   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
                      2011-08-31 16:00 . 2011-07-20 11:59   25416   ----a-w-   c:\windows\system32\drivers\mbam.sys
                      2011-08-30 22:05 . 2011-08-30 22:05   96104   ----a-w-   c:\windows\system32\dns-sd.exe
                      2011-08-30 22:05 . 2011-08-30 22:05   85864   ----a-w-   c:\windows\system32\dnssd.dll
                      2011-08-30 22:05 . 2011-08-30 22:05   61288   ----a-w-   c:\windows\system32\jdns_sd.dll
                      2011-08-30 22:05 . 2011-08-30 22:05   212840   ----a-w-   c:\windows\system32\dnssdX.dll
                      2011-08-30 22:05 . 2011-08-30 22:05   83816   ----a-w-   c:\windows\SysWow64\dns-sd.exe
                      2011-08-30 22:05 . 2011-08-30 22:05   73064   ----a-w-   c:\windows\SysWow64\dnssd.dll
                      2011-08-30 22:05 . 2011-08-30 22:05   50536   ----a-w-   c:\windows\SysWow64\jdns_sd.dll
                      2011-08-30 22:05 . 2011-08-30 22:05   178536   ----a-w-   c:\windows\SysWow64\dnssdX.dll
                      2011-08-27 05:37 . 2011-10-13 11:20   861696   ----a-w-   c:\windows\system32\oleaut32.dll
                      2011-08-27 05:37 . 2011-10-13 11:20   331776   ----a-w-   c:\windows\system32\oleacc.dll
                      2011-08-27 04:26 . 2011-10-13 11:20   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
                      2011-08-27 04:26 . 2011-10-13 11:20   233472   ----a-w-   c:\windows\SysWow64\oleacc.dll
                      2011-08-17 05:26 . 2011-10-13 11:24   613888   ----a-w-   c:\windows\system32\psisdecd.dll
                      2011-08-17 05:25 . 2011-10-13 11:24   108032   ----a-w-   c:\windows\system32\psisrndr.ax
                      2011-08-17 04:24 . 2011-10-13 11:24   465408   ----a-w-   c:\windows\SysWow64\psisdecd.dll
                      2011-08-17 04:19 . 2011-10-13 11:24   75776   ----a-w-   c:\windows\SysWow64\psisrndr.ax
                      .
                      .
                      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Note* empty entries & legit default entries are not shown
                      REGEDIT4
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
                      @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
                      [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
                      2010-02-01 18:03   120176   ----a-w-   c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
                      .
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
                      "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-17 39408]
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                      "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
                      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
                      "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
                      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
                      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
                      "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
                      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                      "ConsentPromptBehaviorAdmin"= 5 (0x5)
                      "ConsentPromptBehaviorUser"= 3 (0x3)
                      "EnableUIADesktopToggle"= 0 (0x0)
                      .
                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                      Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                      @=""
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                      @=""
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                      @="Service"
                      .
                      R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
                      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
                      R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 136176]
                      R3 arusb_win7x;Service For TP-LINK Wireless N Adapter;c:\windows\system32\DRIVERS\arusb_win7x.sys

                      R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 136176]
                      R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

                      R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
                      R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

                      R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
                      R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
                      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

                      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

                      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

                      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
                      S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys

                      S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys

                      S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys

                      S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys

                      S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys

                      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
                      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
                      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

                      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-13 140672]
                      S2 {6E090BD5-4EF5-4bf0-A968-74049E88E935};Power Control [2010/06/23 23:37];c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [2010-04-15 11:05 146928]
                      S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/07/23 18:48];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-09-01 15:59 146928]
                      S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
                      S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
                      S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-01-28 32336]
                      S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
                      S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]
                      S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]
                      S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
                      S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
                      S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
                      S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys

                      S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys

                      S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

                      S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys

                      S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys

                      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

                      S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys

                      S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys

                      S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys

                      S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys

                      S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
                      S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

                      .
                      .
                      Contents of the 'Scheduled Tasks' folder
                      .
                      2011-11-14 c:\windows\Tasks\Epson Printer Software Downloader.job
                      - c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 14:03]
                      .
                      2011-11-14 c:\windows\Tasks\Final Media Player Update Checker.job
                      - c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-08-03 14:24]
                      .
                      2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 15:31]
                      .
                      2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 15:31]
                      .
                      .
                      --------- x86-64 -----------
                      .
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
                      @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
                      [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
                      2010-02-01 18:06   137584   ----a-w-   c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-12 9955872]
                      "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
                      "LoadAppInit_DLLs"=0x0
                      .
                      ------- Supplementary Scan -------
                      .
                      uStart Page = hxxp://www.hotukdeals.com/
                      uLocal Page = c:\windows\system32\blank.htm
                      mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3400&r=173607116806pe485v145w46l1v473
                      mLocal Page = c:\windows\SysWOW64\blank.htm
                      uInternet Settings,ProxyOverride = *.local
                      IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
                      IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
                      IE: Free YouTube Download - c:\users\debbie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
                      IE: Free YouTube to MP3 Converter - c:\users\debbie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
                      IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
                      IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
                      TCP: DhcpNameServer = 192.168.0.1
                      DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
                      .
                      - - - - ORPHANS REMOVED - - - -
                      .
                      URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
                      URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
                      Toolbar-Locked - (no file)
                      Wow6432Node-HKLM-Run-DLSService - c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe
                      Toolbar-Locked - (no file)
                      HKLM-Run-ISW - (no file)
                      .
                      .
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{6E090BD5-4EF5-4bf0-A968-74049E88E935}]
                      "ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl"
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
                      "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
                      .
                      --------------------- LOCKED REGISTRY KEYS ---------------------
                      .
                      [HKEY_USERS\S-1-5-21-2872453390-2521149967-1654224917-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
                      @Denied: (2) (LocalSystem)
                      "Progid"="WindowsLiveMail.Email.1"
                      .
                      [HKEY_USERS\S-1-5-21-2872453390-2521149967-1654224917-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
                      @Denied: (2) (LocalSystem)
                      "Progid"="WindowsLiveMail.VCard.1"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                      @Denied: (A 2) (Everyone)
                      @="FlashBroker"
                      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                      "Enabled"=dword:00000001
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                      @Denied: (A 2) (Everyone)
                      @="Shockwave Flash Object"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
                      "ThreadingModel"="Apartment"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                      @="0"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                      @="ShockwaveFlash.ShockwaveFlash.10"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                      @="1.0"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                      @="ShockwaveFlash.ShockwaveFlash"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                      @Denied: (A 2) (Everyone)
                      @="Macromedia Flash Factory Object"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
                      "ThreadingModel"="Apartment"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                      @="FlashFactory.FlashFactory.1"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                      @="1.0"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                      @="FlashFactory.FlashFactory"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                      @Denied: (A 2) (Everyone)
                      @="IFlashBroker4"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                      @="{00020424-0000-0000-C000-000000000046}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      "Version"="1.0"
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                      @Denied: (Full) (Everyone)
                      .
                      ------------------------ Other Running Processes ------------------------
                      .
                      c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
                      c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                      c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
                      .
                      **************************************************************************
                      .
                      Completion time: 2011-11-14  20:37:36 - machine was rebooted
                      ComboFix-quarantined-files.txt  2011-11-14 20:37
                      .
                      Pre-Run: 90,532,724,736 bytes free
                      Post-Run: 90,173,460,480 bytes free
                      .
                      - - End Of File - - C911B48FE127F7266FD0A61F33ADA2ED

                      SuperDave
                      • Malware Removal Specialist
                      • Genius
                      • Thanked: 1020
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 10
                      Re: virus but viral removal tools cant seem to find it
                      « Reply #12 on: November 14, 2011, 04:47:22 PM »
                      Please download Rooter and Save it to your desktop.
                      • Double click it to start the tool. On Vista and Windows 7, run it as administrator.
                      • Click Scan.
                      • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
                      Windows 8 and Windows 10 dual boot with two SSD's

                        bchirpy
                        Topic Starter
                        Rookie
                        • Experience: Beginner
                        • OS: Unknown
                        Re: virus but viral removal tools cant seem to find it
                        « Reply #13 on: November 15, 2011, 01:20:51 AM »
                        Rooter.exe (v1.0.2) by Eric_71
                        .
                        SeDebugPrivilege granted successfully ...
                        .
                        Windows 7 Home Edition (6.1.7601) Service Pack 1
                        [32_bits] - AMD64 Family 16 Model 10 Stepping 0, AuthenticAMD
                        .
                        [wscsvc] (Security Center) RUNNING (state:4)
                        [MpsSvc] RUNNING (state:4)
                        Windows Firewall -> Disabled !
                        Windows Defender -> Enabled
                        User Account Control (UAC) -> Enabled
                        .
                        Internet Explorer 9.0.8112.16421
                        .
                        C:\  [Fixed-NTFS] .. ( Total:224 Go - Free:83 Go )
                        D:\  [Fixed-NTFS] .. ( Total:225 Go - Free:225 Go )
                        E:\  [CD_Rom]
                        F:\  [Removable]
                        G:\  [Removable]
                        H:\  [Removable]
                        I:\  [Removable]
                        J:\  [Removable]
                        K:\  [Removable]
                        L:\  [Fixed-NTFS] .. ( Total:931 Go - Free:843 Go )
                        Q:\  [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go )
                        .
                        Scan : 08:19.14
                        Path : C:\Users\debbie\Desktop\Rooter.exe
                        User : debbie ( Administrator -> YES )
                        .
                        ----------------------\\ Processes
                        .
                        Locked [System Process] (0)
                        Locked System (4)
                        ______ ?????????? (328)
                        ______ ?????????? (484)
                        ______ ?????????? (568)
                        ______ ?????????? (600)
                        ______ ?????????? (624)
                        ______ ?????????? (648)
                        ______ ?????????? (656)
                        ______ ?????????? (764)
                        ______ ?????????? (828)
                        ______ ?????????? (868)
                        ______ ?????????? (932)
                        ______ ?????????? (956)
                        ______ ?????????? (128)
                        ______ ?????????? (340)
                        ______ ?????????? (412)
                        ______ ?????????? (1132)
                        ______ ?????????? (1284)
                        ______ ?????????? (1292)
                        ______ ?????????? (1352)
                        ______ ?????????? (1516)
                        ______ ?????????? (1524)
                        ______ ?????????? (1732)
                        ______ ?????????? (1828)
                        ______ ?????????? (1856)
                        ______ ?????????? (1944)
                        ______ C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (1964)
                        ______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1988)
                        ______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2012)
                        ______ ?????????? (2036)
                        ______ ?????????? (1116)
                        ______ ?????????? (1876)
                        ______ ?????????? (2032)
                        ______ ?????????? (2068)
                        ______ C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (2096)
                        ______ C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (2192)
                        ______ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2516)
                        ______ ?????????? (2544)
                        ______ C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (2580)
                        ______ C:\Program Files\Acer\Acer Updater\UpdaterService.exe (2624)
                        ______ ?????????? (2676)
                        ______ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (2784)
                        ______ ?????????? (2824)
                        ______ C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3228)
                        ______ ?????????? (3472)
                        ______ ?????????? (3508)
                        ______ ?????????? (3852)
                        ______ ?????????? (3940)
                        ______ ?????????? (3964)
                        ______ ?????????? (2800)
                        ______ ?????????? (3748)
                        ______ ?????????? (3760)
                        ______ C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (1436)
                        ______ C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (3584)
                        ______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (3696)
                        ______ ?????????? (4128)
                        ______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4260)
                        ______ ?????????? (4540)
                        ______ ?????????? (4736)
                        ______ ?????????? (4824)
                        ______ ?????????? (3624)
                        ______ ?????????? (3824)
                        ______ ?????????? (5320)
                        ______ ?????????? (5772)
                        Locked C:\Program Files (x86)\Internet Explorer\iexplore.exe (5988)
                        Locked C:\Program Files (x86)\Internet Explorer\iexplore.exe (6056)
                        ______ C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (4520)
                        ______ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe (5440)
                        ______ C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (5828)
                        ______ C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (5092)
                        ______ C:\Program Files (x86)\iTunes\iTunes.exe (3608)
                        Locked ???? (2844)
                        ______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (1036)
                        ______ ?????????? (5552)
                        ______ C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (3440)
                        ______ ?????????? (3432)
                        ______ C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (4016)
                        ______ ?????????? (4248)
                        ______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (5888)
                        ______ ?????????? (5864)
                        ______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe (1048)
                        ______ ?????????? (6116)
                        ______ ?????????? (5632)
                        ______ ?????????? (3156)
                        ______ ?????????? (5896)
                        ______ ?????????? (2552)
                        ______ ?????????? (5196)
                        ______ C:\Users\debbie\Desktop\Rooter.exe (1392)
                        .
                        ----------------------\\ Device\Harddisk0\
                        .
                        \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
                        .
                        \Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:16106127360)
                        \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:16107175936 | Length:104857600)
                        \Device\Harddisk0\Partition3 (Start_Offset:16212033536 | Length:241539481600)
                        \Device\Harddisk0\Partition4 (Start_Offset:257751515136 | Length:242288164864)
                        .
                        ----------------------\\ Scheduled Tasks
                        .
                        C:\Windows\Tasks\Epson Printer Software Downloader.job
                        C:\Windows\Tasks\Final Media Player Update Checker.job
                        C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
                        C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
                        C:\Windows\Tasks\SA.DAT
                        C:\Windows\Tasks\SCHEDLGU.TXT
                        .
                        ----------------------\\ Registry
                        .
                        .
                        ----------------------\\ Files & Folders
                        .
                        ----------------------\\ Scan completed at 08:19.27
                        .
                        C:\Rooter$\Rooter_2.txt - (15/11/2011 | 08:19.27)

                        SuperDave
                        • Malware Removal Specialist
                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: virus but viral removal tools cant seem to find it
                        « Reply #14 on: November 15, 2011, 11:49:41 AM »
                        I'd like to scan your machine with ESET OnlineScan

                        •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                        ESET OnlineScan
                        •Click the button.
                        •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                        • Click on to download the ESET Smart Installer. Save it to your desktop.
                        • Double click on the icon on your desktop.
                        •Check
                        •Click the button.
                        •Accept any security warnings from your browser.
                        •Check
                        •Push the Start button.
                        •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                        •When the scan completes, push
                        •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                        •Push the button.
                        •Push
                        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                        Windows 8 and Windows 10 dual boot with two SSD's