Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: virus but viral removal tools cant seem to find it  (Read 11127 times)

0 Members and 1 Guest are viewing this topic.

bchirpy

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    virus but viral removal tools cant seem to find it
    « on: November 14, 2011, 10:03:43 AM »
    Please assist me as i think i have a virus - its deleting mail in twos and closing tabs in twos also affecting itunes and windows media player not closing turing off when clicking on close/stop.
    Ive run mbam and super anti spyware both find nothing - dr web - still runnning but so far nothing, hijack this wont save to notepad not sure if it ends abbruptly,cccleaner has run, have dds files and will post next - updated java - but javara had a problem.

    bchirpy

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: virus but viral removal tools cant seem to find it
      « Reply #1 on: November 14, 2011, 10:05:37 AM »
      .
      DDS (Ver_2011-08-26.01) - NTFSAMD64
      Internet Explorer: 9.0.8112.16421
      Run by debbie at 16:36:52 on 2011-11-14
      Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4080.1703 [GMT 0:00]
      .
      AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
      AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
      SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
      SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
      .
      ============== Running Processes ===============
      .
      C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
      C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\nvvsvc.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\system32\WLANExt.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
      C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
      C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
      C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
      C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
      C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
      C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
      C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
      C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
      C:\Program Files\Acer\Acer Updater\UpdaterService.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
      C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
      C:\Windows\system32\WUDFHost.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
      C:\Program Files (x86)\Consumer Input\dca-ua.exe
      C:\Program Files (x86)\BitTorrent\BitTorrent.exe
      C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
      C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
      C:\Program Files (x86)\HP Button Manager\BM.exe
      C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
      C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
      C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
      C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUI.exe
      C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
      C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
      C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
      C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
      C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      C:\Program Files (x86)\iTunes\iTunesHelper.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Windows\system32\DllHost.exe
      C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
      C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
      C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
      C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
      C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
      C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
      C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
      C:\Windows\system32\conhost.exe
      C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
      C:\Windows\system32\conhost.exe
      C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
      C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
      C:\Users\debbie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EGKU7VGI\a322r97g.exe
      C:\Users\debbie\AppData\Local\Temp\E5B603AF-169516C9-307B3415-4F8D56AA\a1613e.exe
      C:\Users\debbie\AppData\Local\Temp\E5B603AF-169516C9-307B3415-4F8D56AA\68594_xp.exe
      C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
      C:\Windows\system32\taskhost.exe
      C:\Program Files\Microsoft Security Client\msseces.exe
      C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
      C:\Windows\system32\WUDFHost.exe
      C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
      C:\Windows\system32\msiexec.exe
      C:\Program Files\CCleaner\CCleaner64.exe
      C:\Program Files\CCleaner\CCleaner64.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\SysWOW64\cscript.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.hotukdeals.com/
      uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3400&r=173607116806pe485v145w46l1v473
      mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3400&r=173607116806pe485v145w46l1v473
      mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3400&r=173607116806pe485v145w46l1v473
      uInternet Settings,ProxyOverride = *.local
      uURLSearchHooks: H - No File
      uURLSearchHooks: H - No File
      mWinlogon: Userinit=userinit.exe
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
      BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
      BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
      BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Consumer Input\dca-bho.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
      TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
      TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      uRun: [EPSON SX510W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_SA2.tmp" /EF "HKCU"
      uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
      uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
      uRun: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe
      uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
      uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      uRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
      uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
      mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
      mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
      mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
      mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
      mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
      mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
      mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
      mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
      mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
      mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
      mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
      mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
      mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPBUTT~1.LNK - C:\Program Files (x86)\HP Button Manager\BM.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PalTalk.lnk - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
      mPolicies-explorer: NoActiveDesktop = 1 (0x1)
      mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
      mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
      mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
      mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
      IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
      IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      IE: Free YouTube Download - C:\Users\debbie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
      IE: Free YouTube to MP3 Converter - C:\Users\debbie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
      IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
      IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
      DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
      DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
      DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
      DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
      TCP: DhcpNameServer = 192.168.0.1
      TCP: Interfaces\{1DE661A7-CBD7-411B-A619-99EF7096102E} : DhcpNameServer = 192.168.0.1
      TCP: Interfaces\{D0E8DAD0-D467-482D-B0C2-EC67DDC98745} : DhcpNameServer = 192.168.0.1
      TCP: Interfaces\{D0E8DAD0-D467-482D-B0C2-EC67DDC98745}\3596475636F6D6534313346373 : DhcpNameServer = 192.168.0.1
      TCP: Interfaces\{D0E8DAD0-D467-482D-B0C2-EC67DDC98745}\E45647765616270223 : DhcpNameServer = 192.168.0.1
      Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO-X64:     AcroIEHelperStub - No File
      BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
      BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File
      C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
      BHO-X64:     RoboForm BHO - No File
      BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
      BHO-X64:     ZoneAlarm Security Engine Registrar - No File
      BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
      BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\dca-bho.dll
      BHO-X64:     DCA - No File
      BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
      TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
      TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
      TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
      mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
      mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
      mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
      mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
      mRun-x64: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
      mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
      mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
      mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
      mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
      mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
      mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
      mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
      mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun-x64: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
      mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
      mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      IE-X64: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
      IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
      R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
      R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
      R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot64.sys --> C:\Windows\system32\drivers\pavboot64.sys [?]
      R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
      R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
      R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
      R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
      R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
      R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
      R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
      R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
      R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
      R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
      R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935};Power Control [2010/06/23 23:37:12];C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [2010-4-15 146928]
      R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/07/23 18:48:48];C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [2009-9-1 146928]
      R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
      R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
      R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
      R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
      R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
      R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
      R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
      R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
      R3 optousb;OPTO ELECTRONICS optousb;C:\Windows\system32\DRIVERS\optousb.sys --> C:\Windows\system32\DRIVERS\optousb.sys [?]
      R3 optovcm;OPTO ELECTRONICS optovcm;C:\Windows\system32\DRIVERS\optovcm.sys --> C:\Windows\system32\DRIVERS\optovcm.sys [?]
      R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
      R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
      R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
      R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
      R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
      R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
      R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
      RUnknown DwProt;DwProt;

      S3 arusb_win7x;Service For TP-LINK Wireless N Adapter;C:\Windows\system32\DRIVERS\arusb_win7x.sys --> C:\Windows\system32\DRIVERS\arusb_win7x.sys [?]
      S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
      .
      =============== Created Last 30 ================
      .
      2011-11-14 16:28:51   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
      2011-11-14 15:41:10   388096   ----a-r-   C:\Users\debbie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
      2011-11-14 15:41:09   --------   d-----w-   C:\Program Files (x86)\Trend Micro
      2011-11-14 13:58:04   69000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{307F7D92-3E3C-4B10-A455-FDC366F547C4}\offreg.dll
      2011-11-14 13:58:03   8570192   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{307F7D92-3E3C-4B10-A455-FDC366F547C4}\mpengine.dll
      2011-11-14 13:11:57   917840   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7845E7E-B698-4FC8-9C97-AC5D378A5456}\gapaengine.dll
      2011-11-14 11:17:55   --------   d-----w-   C:\Program Files (x86)\Microsoft Security Client
      2011-11-14 11:17:01   --------   d-----w-   C:\Program Files\Microsoft Security Client
      2011-11-14 10:03:37   --------   d-----w-   C:\Users\debbie\AppData\Local\{BC759C66-62EC-4828-B88D-5E51E28C2003}
      2011-11-14 10:03:27   --------   d-----w-   C:\Users\debbie\AppData\Local\{A4934B08-F1C9-4890-A1A3-E9EEA05AB8F9}
      2011-11-13 22:03:02   --------   d-----w-   C:\Users\debbie\AppData\Local\{CAB90685-3E29-47D8-99F4-15A27AC0F802}
      2011-11-13 22:02:51   --------   d-----w-   C:\Users\debbie\AppData\Local\{D9B06C1A-4034-47F1-8C49-AFACFDDF9D8B}
      2011-11-13 22:02:40   --------   d-----w-   C:\Users\debbie\AppData\Local\{2135084C-FF37-4787-AE4A-C12F112865B3}
      2011-11-13 10:02:17   --------   d-----w-   C:\Users\debbie\AppData\Local\{0ADFA177-B1C1-4727-86A4-C437F6B76A39}
      2011-11-13 10:02:06   --------   d-----w-   C:\Users\debbie\AppData\Local\{A866AD3D-D4BD-4C50-85AA-7BA4DBA22EDE}
      2011-11-13 10:01:55   --------   d-----w-   C:\Users\debbie\AppData\Local\{DA0C0867-0971-4236-8BAC-91D7682AE2D1}
      2011-11-13 10:01:44   --------   d-----w-   C:\Users\debbie\AppData\Local\{D8D29A8E-3A1B-4098-BCB5-B2906C8E472E}
      2011-11-13 09:51:53   --------   d-----w-   C:\Windows\Internet Logs
      2011-11-12 22:01:19   --------   d-----w-   C:\Users\debbie\AppData\Local\{0012A43F-E73F-4B62-91A1-573E41EA32BD}
      2011-11-12 22:01:07   --------   d-----w-   C:\Users\debbie\AppData\Local\{619BAEAB-E7D1-4BF2-99F6-4EA092CC6C6C}
      2011-11-12 21:18:17   --------   d-----w-   C:\Users\debbie\AppData\Local\{56D6A48F-E783-442A-841E-CFA93A02E210}
      2011-11-12 09:18:04   --------   d-----w-   C:\Users\debbie\AppData\Local\{D34DD43C-37C3-4CB1-BC9A-063CF4E707A1}
      2011-11-12 09:17:54   --------   d-----w-   C:\Users\debbie\AppData\Local\{282CA071-315D-4050-8E24-4EB4B423C162}
      2011-11-12 09:17:43   --------   d-----w-   C:\Program Files (x86)\CheckPoint
      2011-11-12 09:17:32   --------   d-----w-   C:\Users\debbie\AppData\Local\{43582B0A-2849-41BF-ACD0-E9831A9139EF}
      2011-11-11 21:17:19   --------   d-----w-   C:\Users\debbie\AppData\Local\{32F53044-B00A-40C6-BF42-EB5F8C9CE434}
      2011-11-11 21:17:08   --------   d-----w-   C:\Users\debbie\AppData\Local\{7C0159AF-6502-4091-9C52-25A7884DEE08}
      2011-11-11 21:16:57   --------   d-----w-   C:\Users\debbie\AppData\Local\{DC507951-AA92-46C4-8722-3E0CDAFCA001}
      2011-11-11 09:17:44   --------   d-----w-   C:\Users\debbie\AppData\Local\Sanford,_L.P
      2011-11-11 09:16:38   --------   d-----w-   C:\Users\debbie\AppData\Local\DYMO
      2011-11-11 09:16:32   --------   d-----w-   C:\Users\debbie\AppData\Local\{A2C74583-244B-4659-A72A-FE80053AA5AE}
      2011-11-11 09:16:21   --------   d-----w-   C:\Users\debbie\AppData\Local\{43FBB91E-8A39-49CA-94B2-A7F1791C432A}
      2011-11-11 09:16:11   --------   d-----w-   C:\Users\debbie\AppData\Local\{E5505424-BDD2-4A0C-A95D-2E85850BE26B}
      2011-11-11 09:15:59   --------   d-----w-   C:\Users\debbie\AppData\Local\{2EEC7660-E17E-4AE8-8699-917A44E99349}
      2011-11-11 09:06:30   --------   d-----w-   C:\Program Files (x86)\DYMO
      2011-11-11 09:06:28   --------   d-----w-   C:\ProgramData\DYMO
      2011-11-10 21:15:34   --------   d-----w-   C:\Users\debbie\AppData\Local\{038BF94B-1C1E-4DEF-8338-FAC64AF0D9BD}
      2011-11-10 21:15:24   --------   d-----w-   C:\Users\debbie\AppData\Local\{2E2C6693-3947-4AC0-8416-0522141EE8CB}
      2011-11-10 09:14:59   --------   d-----w-   C:\Users\debbie\AppData\Local\{8E34B4ED-3E6B-4902-97A3-823023E41F5B}
      2011-11-10 09:14:46   --------   d-----w-   C:\Users\debbie\AppData\Local\{FD46DDC7-67C4-4B4C-913E-1638168BE07D}
      2011-11-09 21:04:00   --------   d-----w-   C:\Users\debbie\AppData\Local\{79B35D4C-1DB1-439F-AC9A-57B60C655F66}
      2011-11-09 21:03:48   --------   d-----w-   C:\Users\debbie\AppData\Local\{779CBBCA-2D63-4DB1-95F3-1BDED02E38E9}
      2011-11-09 09:03:23   --------   d-----w-   C:\Users\debbie\AppData\Local\{FA3642A1-7FE5-40F7-AC48-028E97C2FEA8}
      2011-11-09 09:03:12   --------   d-----w-   C:\Users\debbie\AppData\Local\{449F6F9E-9DA8-4117-BD54-C4693437F82D}
      2011-11-09 09:02:49   --------   d-----w-   C:\Users\debbie\AppData\Local\{FE5EC346-7884-40B7-AD4E-FFFE59BF9805}
      2011-11-09 08:59:44   886784   ----a-w-   C:\Program Files\Common Files\System\wab32.dll
      2011-11-09 08:59:44   708608   ----a-w-   C:\Program Files (x86)\Common Files\System\wab32.dll
      2011-11-09 08:59:43   1923952   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
      2011-11-09 08:59:42   3144704   ----a-w-   C:\Windows\System32\win32k.sys
      2011-11-08 21:02:37   --------   d-----w-   C:\Users\debbie\AppData\Local\{88EAB128-AB34-40F6-B17C-CEBC42EC8646}
      2011-11-08 21:02:26   --------   d-----w-   C:\Users\debbie\AppData\Local\{9E4996E2-CD77-4BDA-BA14-58AF64864879}
      2011-11-08 09:02:01   --------   d-----w-   C:\Users\debbie\AppData\Local\{24BE27F3-554D-4FF8-A795-274D4EFCB612}
      2011-11-08 09:01:51   --------   d-----w-   C:\Users\debbie\AppData\Local\{47999781-7EC5-4CE4-8C1F-10B3FB79D12B}
      2011-11-08 09:01:29   --------   d-----w-   C:\Users\debbie\AppData\Local\{48936F55-BB75-46C7-BA55-F5C7E09B7A20}
      2011-11-07 21:01:12   --------   d-----w-   C:\Users\debbie\AppData\Local\{9296972D-58F7-40FD-8584-329DE974A5E9}
      2011-11-07 21:01:01   --------   d-----w-   C:\Users\debbie\AppData\Local\{3B8677C7-F9E7-4203-8C9A-00F90D02C54C}
      2011-11-07 09:00:35   --------   d-----w-   C:\Users\debbie\AppData\Local\{34FE005D-CC0B-4170-AC8C-1086136946FE}
      2011-11-06 21:00:11   --------   d-----w-   C:\Users\debbie\AppData\Local\{F2B9C7A7-8554-45BD-A2A1-15B1270A9E74}
      2011-11-06 09:03:39   --------   d-----w-   C:\Users\debbie\AppData\Local\{EFB7418E-F8C2-4978-A74F-A29AF34665B0}
      2011-11-05 21:03:27   --------   d-----w-   C:\Users\debbie\AppData\Local\{5CA5311D-A884-4B18-BD49-358557FDD649}
      2011-11-05 21:03:16   --------   d-----w-   C:\Users\debbie\AppData\Local\{CCD58C8A-DE75-4204-8C6A-CDA48D0BCCE1}
      2011-11-05 21:02:55   --------   d-----w-   C:\Users\debbie\AppData\Local\{791DD459-BFBD-4074-A0AE-8266C0404DBA}
      2011-11-05 09:02:42   --------   d-----w-   C:\Users\debbie\AppData\Local\{4ECEE8B8-B02A-4422-B8A0-51190B16057D}
      2011-11-05 09:02:32   --------   d-----w-   C:\Users\debbie\AppData\Local\{0E78E001-BB84-4033-9C97-EACA114E099D}
      2011-11-05 09:02:10   --------   d-----w-   C:\Users\debbie\AppData\Local\{D817A9DB-1F73-431E-89F5-4C8AF73E02BC}
      2011-11-04 21:01:53   --------   d-----w-   C:\Users\debbie\AppData\Local\{0E3D0920-290B-4BA2-A114-7CD6BCFAF28B}
      2011-11-04 21:01:42   --------   d-----w-   C:\Users\debbie\AppData\Local\{1E9926AC-1089-4DBA-B37E-7E3E233728FF}
      2011-11-04 09:01:19   --------   d-----w-   C:\Users\debbie\AppData\Local\{8559920D-47EB-4866-BDF6-9457B8E14F6C}
      2011-11-04 09:01:08   --------   d-----w-   C:\Users\debbie\AppData\Local\{649AB61A-8F5D-45A9-ADBC-AE6512442DB9}
      2011-11-04 09:00:47   --------   d-----w-   C:\Users\debbie\AppData\Local\{2C6BE58D-A510-4AAD-8786-DDE2587A18F9}
      2011-11-03 21:00:35   --------   d-----w-   C:\Users\debbie\AppData\Local\{C52CDA4C-860A-4DE7-8A8F-98BC4F7F455F}
      2011-11-03 21:00:24   --------   d-----w-   C:\Users\debbie\AppData\Local\{29043106-8D73-4FE6-90DB-94C5FB98090B}
      2011-11-03 21:00:13   --------   d-----w-   C:\Users\debbie\AppData\Local\{D34353ED-E1CF-4C5B-A230-B512A551518C}
      2011-11-03 21:00:02   --------   d-----w-   C:\Users\debbie\AppData\Local\{EB2E56EB-90BE-463A-BE88-D6C81E35CDFE}
      2011-11-03 08:59:35   --------   d-----w-   C:\Users\debbie\AppData\Local\{68774FF2-0388-40A4-A0ED-9EAE24A9FB2F}
      2011-11-03 08:59:23   --------   d-----w-   C:\Users\debbie\AppData\Local\{C27BA0A2-43FB-49FF-B9FF-314E711ADDD0}
      2011-11-02 20:58:58   --------   d-----w-   C:\Users\debbie\AppData\Local\{A9EABDD7-B47F-4FEC-97AA-E48EACAF3715}
      2011-11-02 20:58:47   --------   d-----w-   C:\Users\debbie\AppData\Local\{B87A1FB7-FEEF-40A1-A328-F1B59EED3727}
      2011-11-02 20:58:36   --------   d-----w-   C:\Users\debbie\AppData\Local\{4E9DBCB1-52B1-45B7-ADE3-6BEA3513B15E}
      2011-11-02 08:58:11   --------   d-----w-   C:\Users\debbie\AppData\Local\{09FCBEE5-1D30-4F8D-B438-0ED49A085E68}
      2011-11-02 08:58:00   --------   d-----w-   C:\Users\debbie\AppData\Local\{C8FD500B-2A14-4F66-83BA-76A1B73A4D37}
      2011-11-02 08:57:37   --------   d-----w-   C:\Users\debbie\AppData\Local\{85FEA4DB-EC69-4B5F-8695-767B22D6C236}
      2011-11-01 20:57:25   --------   d-----w-   C:\Users\debbie\AppData\Local\{AB4404EB-DBF1-4EF3-BD50-F8A1B556DAF7}
      2011-11-01 20:57:14   --------   d-----w-   C:\Users\debbie\AppData\Local\{68E0E89E-53D7-47BB-898B-9F4F9FCD9C4E}
      2011-11-01 20:57:03   --------   d-----w-   C:\Users\debbie\AppData\Local\{E994C665-06D1-41F7-A967-260806C5D41D}
      2011-11-01 08:56:39   --------   d-----w-   C:\Users\debbie\AppData\Local\{F8D0EED7-408D-4280-BA84-F1A1FC1C4CD0}
      2011-11-01 08:56:29   --------   d-----w-   C:\Users\debbie\AppData\Local\{EA5BAF11-27DC-44C0-A0C4-6BA8724DF7F8}
      2011-11-01 08:56:07   --------   d-----w-   C:\Users\debbie\AppData\Local\{721EFE93-7BD4-447A-952B-2F2DA4E79010}
      2011-10-31 20:55:54   --------   d-----w-   C:\Users\debbie\AppData\Local\{3E1D0D58-5D96-42FF-BA30-DF0794215049}
      2011-10-31 20:55:43   --------   d-----w-   C:\Users\debbie\AppData\Local\{86BF1D8F-49E9-438B-97D8-C2360BE7442D}
      2011-10-31 20:55:21   --------   d-----w-   C:\Users\debbie\AppData\Local\{F987B663-50F2-4EA0-9667-3343061DA416}
      2011-10-31 08:55:08   --------   d-----w-   C:\Users\debbie\AppData\Local\{E310592E-BF83-472C-A7AF-A102E5D5F0B8}
      2011-10-31 08:54:58   --------   d-----w-   C:\Users\debbie\AppData\Local\{4DA7BDEC-8DA4-4DA8-BDE0-51578BB80D47}
      2011-10-31 08:54:47   --------   d-----w-   C:\Users\debbie\AppData\Local\{9AEAAA10-8A12-4779-8846-165BBCD54443}
      2011-10-30 20:54:24   --------   d-----w-   C:\Users\debbie\AppData\Local\{949B2B4D-318C-4DCA-89F6-51C18722C440}
      2011-10-30 20:54:13   --------   d-----w-   C:\Users\debbie\AppData\Local\{F230E499-5101-4AF6-B1E0-7A122B4B1ADA}
      2011-10-30 20:54:02   --------   d-----w-   C:\Users\debbie\AppData\Local\{19B09071-46BC-4159-8DEE-7CAC03F92BAF}
      2011-10-30 08:53:34   --------   d-----w-   C:\Users\debbie\AppData\Local\{17EB8ED5-D946-473E-B914-832074D71BAC}
      2011-10-30 08:53:23   --------   d-----w-   C:\Users\debbie\AppData\Local\{A29EA914-41CE-4C94-9E74-B9157C67216F}
      2011-10-30 08:52:49   --------   d-----w-   C:\Users\debbie\AppData\Local\{81B38CE9-C8AF-4E57-8A81-4F3D6A3F1DDE}
      2011-10-29 20:52:37   --------   d-----w-   C:\Users\debbie\AppData\Local\{38520545-7EE1-444F-8D1E-A41F7ED31090}
      2011-10-29 20:52:26   --------   d-----w-   C:\Users\debbie\AppData\Local\{1272C443-A7EE-4C7F-A605-5714E6AEF1C5}
      2011-10-29 20:52:15   --------   d-----w-   C:\Users\debbie\AppData\Local\{F4BAE64E-53FE-4533-830E-B1BD96B403DC}
      2011-10-29 08:51:52   --------   d-----w-   C:\Users\debbie\AppData\Local\{B5701254-D239-4BCF-AA8C-CE4F2C0C4E9B}
      2011-10-29 08:51:42   --------   d-----w-   C:\Users\debbie\AppData\Local\{0A93772F-978B-4DD4-B3A3-19B0B547D330}
      2011-10-29 08:51:31   --------   d-----w-   C:\Users\debbie\AppData\Local\{29A212FB-7E71-48B1-AC8A-768D86B5760F}
      2011-10-29 08:51:20   --------   d-----w-   C:\Users\debbie\AppData\Local\{5358B238-ABBF-490C-80F0-840E5F4CFD8E}
      2011-10-28 20:50:55   --------   d-----w-   C:\Users\debbie\AppData\Local\{6A08777B-693E-4558-B115-A4FFAB0DD288}
      2011-10-28 20:50:43   --------   d-----w-   C:\Users\debbie\AppData\Local\{02E6AE1D-855A-4EFD-B3C8-FCF141E29A81}
      2011-10-28 08:50:16   --------   d-----w-   C:\Users\debbie\AppData\Local\{84CAC7B6-2658-4742-B75E-F6A2CC6F3096}
      2011-10-28 08:50:05   --------   d-----w-   C:\Users\debbie\AppData\Local\{97ACC7B6-7329-4DF7-9748-8A5E377C6773}
      2011-10-27 20:49:52   --------   d-----w-   C:\Users\debbie\AppData\Local\{11E9270B-E06B-4DF6-B9FA-0884FE41EE6A}
      2011-10-27 20:49:41   --------   d-----w-   C:\Users\debbie\AppData\Local\{9CEA4D64-2404-4899-8C86-B3D48686DAA2}
      2011-10-27 08:49:26   --------   d-----w-   C:\Users\debbie\AppData\Local\{958E0352-6F52-4332-9C67-D0782EB64DE0}
      2011-10-27 08:48:59   --------   d-----w-   C:\Users\debbie\AppData\Local\{E4F9F9B1-8EC7-416A-AEEF-B44D90ED8F67}
      2011-10-26 20:48:46   --------   d-----w-   C:\Users\debbie\AppData\Local\{83A31975-3C97-4111-B00F-1EB7E679BFEB}
      2011-10-26 20:48:35   --------   d-----w-   C:\Users\debbie\AppData\Local\{35C7D979-CF55-4DBD-A79D-B8BE61FAA379}
      2011-10-26 08:48:22   --------   d-----w-   C:\Users\debbie\AppData\Local\{95F3300F-C12F-448F-A56C-38268D272F6B}
      2011-10-26 08:48:11   --------   d-----w-   C:\Users\debbie\AppData\Local\{A5A933A2-7C65-41DD-BF5E-23B2C9D5390C}
      2011-10-25 20:47:58   --------   d-----w-   C:\Users\debbie\AppData\Local\{7DA0E8FA-D1EC-4362-8C38-497A17F1B85F}
      2011-10-25 20:47:45   --------   d-----w-   C:\Users\debbie\AppData\Local\{E17290FD-FFFA-4A61-8C96-4CE2252D8F0D}
      2011-10-25 08:47:33   --------   d-----w-   C:\Users\debbie\AppData\Local\{1A2A8787-A493-4FD7-8A5F-875DD239F151}
      2011-10-25 08:47:22   --------   d-----w-   C:\Users\debbie\AppData\Local\{B8BE6DFC-91E2-45FD-83E6-F6C435A06244}
      2011-10-24 20:47:09   --------   d-----w-   C:\Users\debbie\AppData\Local\{00314AD0-2C99-4CDF-BA54-13B8BD54F029}
      2011-10-24 20:46:58   --------   d-----w-   C:\Users\debbie\AppData\Local\{C4D3FCD2-E324-4D17-8FBD-EBA9B32887CF}
      2011-10-24 08:46:46   --------   d-----w-   C:\Users\debbie\AppData\Local\{48FAEB43-A08F-4040-A68C-E94D5FAD25F4}
      2011-10-24 08:46:35   --------   d-----w-   C:\Users\debbie\AppData\Local\{83271D93-B859-40A2-952D-6ACCA557DF76}
      2011-10-23 20:46:22   --------   d-----w-   C:\Users\debbie\AppData\Local\{FDA6E745-D0C1-4C62-970A-28089D23D982}
      2011-10-23 20:46:11   --------   d-----w-   C:\Users\debbie\AppData\Local\{2DF798C0-805E-41AB-B707-2BA05C2A5AE3}
      2011-10-23 08:45:59   --------   d-----w-   C:\Users\debbie\AppData\Local\{B6977F4A-1183-4A85-9DFF-BFDFA2EB2607}
      2011-10-23 08:45:48   --------   d-----w-   C:\Users\debbie\AppData\Local\{0E2A3A3A-04BF-4404-9080-A5A5B7E0C8DB}
      2011-10-22 20:45:35   --------   d-----w-   C:\Users\debbie\AppData\Local\{D35C0449-C77E-4905-8224-AA4DFFAD74E1}
      2011-10-22 20:45:24   --------   d-----w-   C:\Users\debbie\AppData\Local\{600A0BEE-6C48-4299-8CEC-1196B65EB0A6}
      2011-10-22 08:45:12   --------   d-----w-   C:\Users\debbie\AppData\Local\{D051BB0B-9A23-4EB6-BB6B-C580DA0B244C}
      2011-10-22 08:45:01   --------   d-----w-   C:\Users\debbie\AppData\Local\{EFF624E6-2F16-4CCC-8730-82DF8B8CBFEC}
      2011-10-21 20:44:48   --------   d-----w-   C:\Users\debbie\AppData\Local\{593229EB-7AB7-4CED-9840-443A0E0C5795}
      2011-10-21 20:44:30   --------   d-----w-   C:\Users\debbie\AppData\Local\{B9B0F7E6-CC2B-42F5-9E3F-E64A424DDA19}
      2011-10-21 08:44:17   --------   d-----w-   C:\Users\debbie\AppData\Local\{4023FBC2-BD88-465A-B404-08F4CD938012}
      2011-10-21 08:44:06   --------   d-----w-   C:\Users\debbie\AppData\Local\{3B63B46E-F5D5-4563-A565-FF822AF971DF}
      2011-10-20 20:43:53   --------   d-----w-   C:\Users\debbie\AppData\Local\{7F552F98-5AE2-40A1-A6BB-CBBE324B5A69}
      2011-10-20 20:43:37   --------   d-----w-   C:\Users\debbie\AppData\Local\{60EBA5E1-15AB-4F5C-9855-7AA5BF95457E}
      2011-10-20 08:43:23   --------   d-----w-   C:\Users\debbie\AppData\Local\{277924B6-EFE8-4743-B995-D1EB5D1B75A7}
      2011-10-20 08:43:12   --------   d-----w-   C:\Users\debbie\AppData\Local\{72099ACB-DA3D-4E0D-93C8-D97CD75C81B8}
      2011-10-19 20:42:58   --------   d-----w-   C:\Users\debbie\AppData\Local\{F1F0657F-0E54-4D9F-8921-8464A57BBD6B}
      2011-10-19 20:42:47   --------   d-----w-   C:\Users\debbie\AppData\Local\{8AC059F5-B4EA-4DA5-BE58-1F8EA3A7E3B6}
      2011-10-19 08:42:33   --------   d-----w-   C:\Users\debbie\AppData\Local\{A2C7DA01-ABEF-483B-8D4B-C7EE4689826A}
      2011-10-19 08:42:21   --------   d-----w-   C:\Users\debbie\AppData\Local\{D0F2B3E3-1BB1-4094-A4C0-38987783A9F5}
      2011-10-18 20:42:09   --------   d-----w-   C:\Users\debbie\AppData\Local\{E9AD2A36-B2FC-431E-9D64-CAB39D06B646}
      2011-10-18 20:41:58   --------   d-----w-   C:\Users\debbie\AppData\Local\{16A31F84-11B2-4014-B28B-0A60ADA71BDB}
      2011-10-18 08:41:32   --------   d-----w-   C:\Users\debbie\AppData\Local\{7137B1F8-03F1-4F8A-A7A7-193990C46E00}
      2011-10-18 08:41:21   --------   d-----w-   C:\Users\debbie\AppData\Local\{FE6AB8AE-DA6B-4537-92F1-6A591F51361A}
      2011-10-17 20:40:55   --------   d-----w-   C:\Users\debbie\AppData\Local\{81D99340-D731-45EC-8876-E57CDA61D6C9}
      2011-10-17 20:40:44   --------   d-----w-   C:\Users\debbie\AppData\Local\{F251EE1D-8C7E-410A-9857-341C81EDD841}
      2011-10-17 08:40:30   --------   d-----w-   C:\Users\debbie\AppData\Local\{D4C9602D-557F-4E6A-9EA4-621AA235B1A0}
      2011-10-17 08:40:18   --------   d-----w-   C:\Users\debbie\AppData\Local\{70665518-A6A0-4575-9F96-8245E430DA0F}
      2011-10-16 20:40:05   --------   d-----w-   C:\Users\debbie\AppData\Local\{55ADDC2C-6F17-4DC7-9BA3-4F0F05764FD6}
      2011-10-16 20:39:54   --------   d-----w-   C:\Users\debbie\AppData\Local\{4FB560F4-BD4D-4F89-B17E-FCA9304E6C4C}
      2011-10-16 08:39:29   --------   d-----w-   C:\Users\debbie\AppData\Local\{47DAC8E2-137C-4226-9789-5A4CAE08D776}
      2011-10-16 08:39:17   --------   d-----w-   C:\Users\debbie\AppData\Local\{CA82AB58-9E83-4DD6-BA49-04FE53CE3ED1}
      2011-10-16 08:38:56   --------   d-----w-   C:\Users\debbie\AppData\Local\{E74D8A9D-CBCC-4A4E-8828-0D189CA6FAE7}
      2011-10-15 20:38:41   --------   d-----w-   C:\Users\debbie\AppData\Local\{BDB82630-ABA6-4422-85EF-479FFF29EBC8}
      2011-10-15 20:38:28   --------   d-----w-   C:\Users\debbie\AppData\Local\{FD7560CA-3682-4707-8758-3097CD3A8511}
      2011-10-15 20:38:14   --------   d-----w-   C:\Users\debbie\AppData\Local\{EA15CBAA-917A-4524-8869-422D2D242521}
      2011-10-15 20:37:57   --------   d-----w-   C:\Users\debbie\AppData\Local\{AC6CFDE0-9C61-4FBC-8595-7D1A39865BCE}
      2011-10-15 16:51:02   --------   d-----w-   C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
      .
      ==================== Find3M  ====================
      .
      2011-10-14 08:35:17   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2011-10-07 06:23:46   283728   ----a-w-   C:\Windows\System32\drivers\avgldx64.sys
      2011-09-13 15:27:50   0   ----a-w-   C:\Windows\SysWow64\ConduitEngine.tmp
      2011-09-13 05:30:08   37456   ----a-w-   C:\Windows\System32\drivers\avgrkx64.sys
      2011-09-01 05:24:07   2309120   ----a-w-   C:\Windows\System32\jscript9.dll
      2011-09-01 05:17:57   1389056   ----a-w-   C:\Windows\System32\wininet.dll
      2011-09-01 05:12:04   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
      2011-09-01 02:35:59   1798144   ----a-w-   C:\Windows\SysWow64\jscript9.dll
      2011-09-01 02:28:15   1126912   ----a-w-   C:\Windows\SysWow64\wininet.dll
      2011-09-01 02:22:54   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
      2011-08-31 16:00:50   25416   ----a-w-   C:\Windows\System32\drivers\mbam.sys
      2011-08-30 22:05:32   96104   ----a-w-   C:\Windows\System32\dns-sd.exe
      2011-08-30 22:05:32   85864   ----a-w-   C:\Windows\System32\dnssd.dll
      2011-08-30 22:05:32   61288   ----a-w-   C:\Windows\System32\jdns_sd.dll
      2011-08-30 22:05:32   212840   ----a-w-   C:\Windows\System32\dnssdX.dll
      2011-08-30 22:05:04   83816   ----a-w-   C:\Windows\SysWow64\dns-sd.exe
      2011-08-30 22:05:04   73064   ----a-w-   C:\Windows\SysWow64\dnssd.dll
      2011-08-30 22:05:04   50536   ----a-w-   C:\Windows\SysWow64\jdns_sd.dll
      2011-08-30 22:05:04   178536   ----a-w-   C:\Windows\SysWow64\dnssdX.dll
      2011-08-27 05:37:49   861696   ----a-w-   C:\Windows\System32\oleaut32.dll
      2011-08-27 05:37:48   331776   ----a-w-   C:\Windows\System32\oleacc.dll
      2011-08-27 04:26:27   571904   ----a-w-   C:\Windows\SysWow64\oleaut32.dll
      2011-08-27 04:26:27   233472   ----a-w-   C:\Windows\SysWow64\oleacc.dll
      2011-08-17 05:26:46   613888   ----a-w-   C:\Windows\System32\psisdecd.dll
      2011-08-17 05:25:08   108032   ----a-w-   C:\Windows\System32\psisrndr.ax
      2011-08-17 04:24:12   465408   ----a-w-   C:\Windows\SysWow64\psisdecd.dll
      2011-08-17 04:19:27   75776   ----a-w-   C:\Windows\SysWow64\psisrndr.ax
      .
      ============= FINISH: 16:38:11.90 ===============

      bchirpy

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: virus but viral removal tools cant seem to find it
        « Reply #2 on: November 14, 2011, 10:07:15 AM »
        .
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2011-08-26.01)
        .
        Microsoft Windows 7 Home Premium
        Boot Device: \Device\HarddiskVolume2
        Install Date: 07/07/2011 13:49:26
        System Uptime: 13/11/2011 09:44:43 (31 hours ago)
        .
        Motherboard: Acer |  | Aspire M3400
        Processor: AMD Phenom(tm) II X6 1035T Processor | CPU 1 | 2600/200mhz
        .
        ==== Disk Partitions =========================
        .
        C: is FIXED (NTFS) - 225 GiB total, 84.119 GiB free.
        D: is FIXED (NTFS) - 226 GiB total, 225.544 GiB free.
        E: is CDROM ()
        F: is Removable
        G: is Removable
        H: is Removable
        I: is Removable
        J: is Removable
        K: is Removable
        L: is FIXED (NTFS) - 932 GiB total, 842.966 GiB free.
        .
        ==== Disabled Device Manager Items =============
        .
        ==== System Restore Points ===================
        .
        RP67: 10/11/2011 03:00:14 - Windows Update
        RP68: 11/11/2011 03:00:12 - Windows Update
        RP69: 11/11/2011 08:39:46 - Windows Update
        RP70: 14/11/2011 14:26:50 - Windows Update
        RP71: 14/11/2011 15:39:36 - Installed HiJackThis
        RP72: 14/11/2011 16:27:17 - Installed Java(TM) 6 Update 29
        .
        ==== Installed Programs ======================
        .
        ABBYY FineReader 6.0 Sprint
        Acer Arcade Deluxe
        Acer Arcade Movie
        Acer eRecovery Management
        Acer GameZone Console
        Acer Registration
        Acer ScreenSaver
        Acer Updater
        Acrobat.com
        Adobe AIR
        Adobe Flash Player 11 ActiveX
        Adobe Reader X (10.1.1)
        Advertising Center
        Amazon MP3 Downloader 1.0.9
        Amazonia
        Apple Application Support
        Apple Software Update
        ArcSoft Magic-i Visual Effects 2
        ArcSoft WebCam Companion 3
        Bejeweled 2 Deluxe
        BitTorrent
        blinkbox Download Manager
        Cake Mania
        Chicken Invaders 2
        Consumer Input Software (remove only)
        Coupon Printer
        CyberLink PowerDVD 9
        D3DX10
        Dairy Dash
        Dream Day First Home
        DYMO Label v.8
        eBay Worldwide
        eMule
        Epson Easy Photo Print 2
        Epson Event Manager
        Epson Printer Software Downloader
        EPSON Scan
        Epson Stylus SX510W_TX550W Manual
        EpsonNet Print
        EpsonNet Setup
        eSobi v2
        Farm Frenzy 2
        File Type Assistant
        Final Media Player 2011
        Free Studio version 5.1.7
        Galapago
        Google Chrome
        Google Toolbar for Internet Explorer
        Google Update Helper
        Granny In Paradise
        Heroes of Hellas
        HiJackThis
        Hotkey Utility
        HP Button Manager
        HP Webcam User's Guide
        Identity Card
        ImagXpress
        Java Auto Updater
        Java(TM) 6 Update 29
        Junk Mail filter update
        Malwarebytes' Anti-Malware version 1.51.2.1300
        MediaShow Espresso
        Mesh Runtime
        Messenger Companion
        Microsoft Office 2010
        Microsoft Office Click-to-Run 2010
        Microsoft Office Starter 2010 - English
        Microsoft Silverlight
        Microsoft SQL Server 2005 Compact Edition [ENU]
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
        MSVCRT
        MSVCRT_amd64
        MSXML 4.0 SP2 (KB954430)
        MSXML 4.0 SP2 (KB973688)
        MyWinLocker
        MyWinLocker Suite
        Nero 9 Essentials
        Nero ControlCenter
        Nero DiscSpeed
        Nero DiscSpeed Help
        Nero DriveSpeed
        Nero DriveSpeed Help
        Nero Express Help
        Nero InfoTool
        Nero InfoTool Help
        Nero Installer
        Nero Online Upgrade
        Nero StartSmart
        Nero StartSmart Help
        Nero StartSmart OEM
        NeroExpress
        neroxml
        NVIDIA PhysX
        Paltalk Messenger
        Panda ActiveScan 2.0
        Peggle Nights
        QuickTime
        Realtek High Definition Audio Driver
        RoboForm 7-3-2 (All Users)
        Safari
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
        Shredder
        Spin & Win
        TP-LINK Wireless Client Utility
        Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
        Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
        VC 9.0 Runtime
        Visual Studio 2008 x64 Redistributables
        Welcome Center
        Windows Live Communications Platform
        Windows Live Essentials
        Windows Live Installer
        Windows Live Mail
        Windows Live Mesh
        Windows Live Mesh ActiveX Control for Remote Connections
        Windows Live Messenger
        Windows Live Messenger Companion Core
        Windows Live Movie Maker
        Windows Live Photo Common
        Windows Live Photo Gallery
        Windows Live PIMT Platform
        Windows Live SOXE
        Windows Live SOXE Definitions
        Windows Live Sync
        Windows Live UX Platform
        Windows Live UX Platform Language Pack
        Windows Live Writer
        Windows Live Writer Resources
        ZoneAlarm Firewall
        ZoneAlarm Free
        ZoneAlarm Security
        .
        ==== Event Viewer Messages From Past Week ========
        .
        14/11/2011 13:41:40, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        14/11/2011 13:41:40, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        14/11/2011 13:41:40, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        14/11/2011 13:41:40, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        14/11/2011 13:41:36, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Download     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
        14/11/2011 13:41:36, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Download     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
        14/11/2011 13:41:36, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Download     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
        14/11/2011 13:41:36, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Download     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
        14/11/2011 13:11:39, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        14/11/2011 13:11:39, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiVirus     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        14/11/2011 13:11:39, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        14/11/2011 13:11:39, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 0.0.0.0     Update Source: Microsoft Malware Protection Center     Update Stage: Search     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094     Signature Type: AntiSpyware     Update Type: Full     User: debbie-PC\debbie     Current Engine Version:      Previous Engine Version: 0.0.0.0     Error code: 0x80072f76     Error description: The requested header was not found
        13/11/2011 20:02:48, Error: Service Control Manager [7030]  - The Local System Utility service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
        13/11/2011 09:51:45, Error: Service Control Manager [7030]  - The TrueVector Internet Monitor service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
        08/11/2011 18:26:40, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user debbie-PC\debbie SID (S-1-5-21-2872453390-2521149967-1654224917-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
        08/11/2011 15:59:14, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk7\DR8.
        .
        ==== End Of File ===========================

        bchirpy

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: virus but viral removal tools cant seem to find it
          « Reply #3 on: November 14, 2011, 10:32:39 AM »
          noted that i should post mbam and sas logs so running again  :o

          bchirpy

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: virus but viral removal tools cant seem to find it
            « Reply #4 on: November 14, 2011, 11:24:41 AM »
            Malwarebytes' Anti-Malware 1.51.2.1300
            www.malwarebytes.org

            Database version: 8161

            Windows 6.1.7601 Service Pack 1
            Internet Explorer 9.0.8112.16421

            14/11/2011 18:21:23
            mbam-log-2011-11-14 (18-21-23).txt

            Scan type: Full scan (C:\|D:\|E:\|L:\|)
            Objects scanned: 350959
            Time elapsed: 1 hour(s), 9 minute(s), 59 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 0
            Registry Values Infected: 0
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 0

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            (No malicious items detected)

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            (No malicious items detected)

            bchirpy

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: virus but viral removal tools cant seem to find it
              « Reply #5 on: November 14, 2011, 11:41:40 AM »
              SUPERAntiSpyware Scan Log
              http://www.superantispyware.com

              Generated 11/14/2011 at 06:40 PM

              Application Version : 5.0.1136

              Core Rules Database Version : 7937
              Trace Rules Database Version: 5749

              Scan type       : Complete Scan
              Total Scan Time : 01:30:28

              Operating System Information
              Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
              UAC On - Limited User

              Memory items scanned      : 686
              Memory threats detected   : 0
              Registry items scanned    : 70968
              Registry threats detected : 0
              File items scanned        : 55470
              File threats detected     : 4

              Adware.Tracking Cookie
                 C:\USERS\DEBBIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\RZE1EKMI.txt [ Cookie:[email protected]/ ]
                 C:\USERS\DEBBIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\SF6YJL3Z.txt [ Cookie:[email protected]/ ]
                 C:\USERS\DEBBIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ROWUE38V.txt [ Cookie:[email protected]/ ]
                 C:\USERS\DEBBIE\AppData\Roaming\Microsoft\Windows\Cookies\Low\9AFW61S8.txt [ Cookie:[email protected]/ ]

              Linux711



                Mentor

                Thanked: 59
                • Yes
                • Programming Blog
              • Certifications: List
              • Computer: Specs
              • Experience: Experienced
              • OS: Windows 7
              Re: virus but viral removal tools cant seem to find it
              « Reply #6 on: November 14, 2011, 11:48:43 AM »
              Do you really expect someone to read all that? I would just disable all your startup items in msconfig (except for the ones obviously associated with your antivirus software).

              Mod Edit: Yes! that's why this forum is here. To remove malware, not just the symptoms of malware. Would you like to learn to fight malware?
              « Last Edit: November 16, 2011, 01:43:33 AM by evilfantasy »
              YouTube

              "Genius is persistence, not brain power." - Me

              "Insomnia is just a byproduct of, "It can't be done"" - LaVolpe

              bchirpy

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: virus but viral removal tools cant seem to find it
                « Reply #7 on: November 14, 2011, 12:13:33 PM »
                how do i do that? I didn't realise i had to disable startup items ?

                bchirpy

                  Topic Starter


                  Rookie

                  • Experience: Beginner
                  • OS: Unknown
                  Re: virus but viral removal tools cant seem to find it
                  « Reply #8 on: November 14, 2011, 12:16:21 PM »
                  ok have disabled most - which log do i need to do again?

                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 991
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 8
                  Re: virus but viral removal tools cant seem to find it
                  « Reply #9 on: November 14, 2011, 12:46:39 PM »
                  Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

                  1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
                  2. The fixes are specific to your problem and should only be used for this issue on this machine.
                  3. If you don't know or understand something, please don't hesitate to ask.
                  4. Please DO NOT run any other tools or scans while I am helping you.
                  5. It is important that you reply to this thread. Do not start a new topic.
                  6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
                  7. Absence of symptoms does not mean that everything is clear.

                  If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
                  *************************************************************************
                  The logs show that you're running two Anti-Virus programs; Microsoft Security Essentials and AVG Anti-Virus Free Edition 2012 . One will have to be disabled. I would suggest removing AVG.

                  P2P - I see you have P2P software installed on your machine. BitTorrentWe are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

                  Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

                  I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
                  ******************************************************
                  Download OTL to your desktop.

                  * Open OTL
                  * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                  Code: [Select]
                  :OTL

                  uURLSearchHooks: H - No File
                  uURLSearchHooks: H - No File
                  BHO-X64:     AcroIEHelperStub - No File
                  BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File
                  BHO-X64:     RoboForm BHO - No File
                  BHO-X64:     ZoneAlarm Security Engine Registrar - No File
                  BHO-X64:     DCA - No File

                  :COMMANDS
                  [resethosts]
                  [purity]
                  [start explorer]

                  * Click Run Fix
                  * OTLI2 may ask to reboot the machine. Please do so if asked.
                  * Click OK
                  * A report will open. Copy and Paste that report in your next reply.
                  **************************************************************
                  Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                  link # 1
                  Link # 2
                  If you are using Firefox, make sure that your download settings are as follows:

                  * Tools->Options->Main tab
                  * Set to "Always ask me where to Save the files".

                  Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                  Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                  Right-click combofix.exe and select Run as Administrator and follow the prompts.
                  When finished, ComboFix will produce a log for you.
                  Post the ComboFix login your next reply.

                  NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                  Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
                  Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                  bchirpy

                    Topic Starter


                    Rookie

                    • Experience: Beginner
                    • OS: Unknown
                    Re: virus but viral removal tools cant seem to find it
                    « Reply #10 on: November 14, 2011, 01:04:52 PM »
                    ========== OTL ==========
                    ========== COMMANDS ==========
                    C:\Windows\System32\drivers\etc\Hosts moved successfully.
                    HOSTS file reset successfully
                     
                    OTL by OldTimer - Version 3.2.31.0 log created on 11142011_200432

                    bchirpy

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Unknown
                      Re: virus but viral removal tools cant seem to find it
                      « Reply #11 on: November 14, 2011, 01:49:16 PM »
                      Many thanks for your help superdave here is the combofix report log

                      ComboFix 11-11-14.02 - debbie 14/11/2011  20:26:48.1.6 - x64
                      Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4080.2681 [GMT 0:00]
                      Running from: c:\users\debbie\Desktop\ComboFix.exe
                      AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
                      FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
                      SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
                      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                      .
                      .
                      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      c:\programdata\FullRemove.exe
                      c:\users\debbie\AppData\Local\common_functions.dll
                      c:\users\debbie\AppData\Local\ie_runner_app.exe
                      c:\windows\Downloaded Program Files\popcaploader.inf
                      L:\Autorun.inf
                      .
                      .
                      (((((((((((((((((((((((((   Files Created from 2011-10-14 to 2011-11-14  )))))))))))))))))))))))))))))))
                      .
                      .
                      2011-11-14 20:33 . 2011-11-14 20:33   69000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{307F7D92-3E3C-4B10-A455-FDC366F547C4}\offreg.dll
                      2011-11-14 20:31 . 2011-11-14 20:31   --------   d-----w-   c:\users\Default\AppData\Local\temp
                      2011-11-14 20:07 . 2011-11-14 20:07   --------   d-----w-   c:\users\debbie\AppData\Roaming\AVG2012
                      2011-11-14 20:04 . 2011-11-14 20:04   --------   d-----w-   C:\_OTL
                      2011-11-14 16:29 . 2011-11-14 16:29   --------   d-----w-   c:\program files (x86)\Common Files\Java
                      2011-11-14 16:28 . 2011-11-14 16:28   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
                      2011-11-14 16:28 . 2011-11-14 16:28   --------   d-----w-   c:\program files (x86)\Java
                      2011-11-14 15:41 . 2011-11-14 15:41   388096   ----a-r-   c:\users\debbie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                      2011-11-14 15:41 . 2011-11-14 15:41   --------   d-----w-   c:\program files (x86)\Trend Micro
                      2011-11-14 13:58 . 2011-10-18 01:27   8570192   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{307F7D92-3E3C-4B10-A455-FDC366F547C4}\mpengine.dll
                      2011-11-14 13:11 . 2011-10-04 17:22   917840   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7845E7E-B698-4FC8-9C97-AC5D378A5456}\gapaengine.dll
                      2011-11-14 11:17 . 2011-11-14 11:17   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
                      2011-11-14 11:17 . 2011-11-14 11:18   --------   d-----w-   c:\program files\Microsoft Security Client
                      2011-11-13 09:51 . 2011-11-14 16:40   --------   d-----w-   c:\windows\Internet Logs
                      2011-11-12 09:17 . 2011-11-13 09:51   --------   d-----w-   c:\program files (x86)\CheckPoint
                      2011-11-11 09:17 . 2011-11-11 09:17   --------   d-----w-   c:\users\debbie\AppData\Local\Sanford,_L.P
                      2011-11-11 09:16 . 2011-11-11 09:17   --------   d-----w-   c:\users\debbie\AppData\Local\DYMO
                      2011-11-11 09:06 . 2011-11-11 09:06   --------   d-----w-   c:\program files (x86)\DYMO
                      2011-11-11 09:06 . 2011-11-11 09:06   --------   d-----w-   c:\programdata\DYMO
                      2011-11-09 08:59 . 2011-10-01 05:45   886784   ----a-w-   c:\program files\Common Files\System\wab32.dll
                      2011-11-09 08:59 . 2011-10-01 04:37   708608   ----a-w-   c:\program files (x86)\Common Files\System\wab32.dll
                      2011-11-09 08:59 . 2011-09-29 16:29   1923952   ----a-w-   c:\windows\system32\drivers\tcpip.sys
                      2011-11-09 08:59 . 2011-09-29 04:03   3144704   ----a-w-   c:\windows\system32\win32k.sys
                      2011-10-21 23:46 . 2011-10-21 23:46   --------   d-----w-   c:\windows\system32\Macromed
                      .
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2011-11-14 18:46 . 2011-07-08 02:26   159080   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
                      2011-10-14 08:35 . 2011-07-17 15:31   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                      2011-09-13 15:27 . 2011-09-13 15:27   0   ----a-w-   c:\windows\SysWow64\ConduitEngine.tmp
                      2011-09-01 05:24 . 2011-10-14 02:00   2309120   ----a-w-   c:\windows\system32\jscript9.dll
                      2011-09-01 05:17 . 2011-10-14 02:00   1389056   ----a-w-   c:\windows\system32\wininet.dll
                      2011-09-01 05:12 . 2011-10-14 02:01   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
                      2011-09-01 02:35 . 2011-10-14 02:00   1798144   ----a-w-   c:\windows\SysWow64\jscript9.dll
                      2011-09-01 02:28 . 2011-10-14 02:01   1126912   ----a-w-   c:\windows\SysWow64\wininet.dll
                      2011-09-01 02:22 . 2011-10-14 02:01   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
                      2011-08-31 16:00 . 2011-07-20 11:59   25416   ----a-w-   c:\windows\system32\drivers\mbam.sys
                      2011-08-30 22:05 . 2011-08-30 22:05   96104   ----a-w-   c:\windows\system32\dns-sd.exe
                      2011-08-30 22:05 . 2011-08-30 22:05   85864   ----a-w-   c:\windows\system32\dnssd.dll
                      2011-08-30 22:05 . 2011-08-30 22:05   61288   ----a-w-   c:\windows\system32\jdns_sd.dll
                      2011-08-30 22:05 . 2011-08-30 22:05   212840   ----a-w-   c:\windows\system32\dnssdX.dll
                      2011-08-30 22:05 . 2011-08-30 22:05   83816   ----a-w-   c:\windows\SysWow64\dns-sd.exe
                      2011-08-30 22:05 . 2011-08-30 22:05   73064   ----a-w-   c:\windows\SysWow64\dnssd.dll
                      2011-08-30 22:05 . 2011-08-30 22:05   50536   ----a-w-   c:\windows\SysWow64\jdns_sd.dll
                      2011-08-30 22:05 . 2011-08-30 22:05   178536   ----a-w-   c:\windows\SysWow64\dnssdX.dll
                      2011-08-27 05:37 . 2011-10-13 11:20   861696   ----a-w-   c:\windows\system32\oleaut32.dll
                      2011-08-27 05:37 . 2011-10-13 11:20   331776   ----a-w-   c:\windows\system32\oleacc.dll
                      2011-08-27 04:26 . 2011-10-13 11:20   571904   ----a-w-   c:\windows\SysWow64\oleaut32.dll
                      2011-08-27 04:26 . 2011-10-13 11:20   233472   ----a-w-   c:\windows\SysWow64\oleacc.dll
                      2011-08-17 05:26 . 2011-10-13 11:24   613888   ----a-w-   c:\windows\system32\psisdecd.dll
                      2011-08-17 05:25 . 2011-10-13 11:24   108032   ----a-w-   c:\windows\system32\psisrndr.ax
                      2011-08-17 04:24 . 2011-10-13 11:24   465408   ----a-w-   c:\windows\SysWow64\psisdecd.dll
                      2011-08-17 04:19 . 2011-10-13 11:24   75776   ----a-w-   c:\windows\SysWow64\psisrndr.ax
                      .
                      .
                      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Note* empty entries & legit default entries are not shown
                      REGEDIT4
                      .
                      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
                      @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
                      [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
                      2010-02-01 18:03   120176   ----a-w-   c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
                      .
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
                      "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-17 39408]
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                      "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
                      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
                      "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
                      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
                      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
                      "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-09 73360]
                      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                      "ConsentPromptBehaviorAdmin"= 5 (0x5)
                      "ConsentPromptBehaviorUser"= 3 (0x3)
                      "EnableUIADesktopToggle"= 0 (0x0)
                      .
                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                      Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                      @=""
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                      @=""
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                      @="Service"
                      .
                      R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
                      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
                      R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 136176]
                      R3 arusb_win7x;Service For TP-LINK Wireless N Adapter;c:\windows\system32\DRIVERS\arusb_win7x.sys

                      R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 136176]
                      R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

                      R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
                      R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

                      R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
                      R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
                      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

                      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

                      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

                      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
                      S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys

                      S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys

                      S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys

                      S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys

                      S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys

                      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
                      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
                      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

                      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-13 140672]
                      S2 {6E090BD5-4EF5-4bf0-A968-74049E88E935};Power Control [2010/06/23 23:37];c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [2010-04-15 11:05 146928]
                      S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/07/23 18:48];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-09-01 15:59 146928]
                      S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
                      S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
                      S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-01-28 32336]
                      S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
                      S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]
                      S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]
                      S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
                      S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
                      S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
                      S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys

                      S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys

                      S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys

                      S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys

                      S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys

                      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

                      S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys

                      S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys

                      S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys

                      S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys

                      S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
                      S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

                      .
                      .
                      Contents of the 'Scheduled Tasks' folder
                      .
                      2011-11-14 c:\windows\Tasks\Epson Printer Software Downloader.job
                      - c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 14:03]
                      .
                      2011-11-14 c:\windows\Tasks\Final Media Player Update Checker.job
                      - c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-08-03 14:24]
                      .
                      2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 15:31]
                      .
                      2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-17 15:31]
                      .
                      .
                      --------- x86-64 -----------
                      .
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
                      @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
                      [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
                      2010-02-01 18:06   137584   ----a-w-   c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-12 9955872]
                      "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
                      "LoadAppInit_DLLs"=0x0
                      .
                      ------- Supplementary Scan -------
                      .
                      uStart Page = hxxp://www.hotukdeals.com/
                      uLocal Page = c:\windows\system32\blank.htm
                      mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_m3400&r=173607116806pe485v145w46l1v473
                      mLocal Page = c:\windows\SysWOW64\blank.htm
                      uInternet Settings,ProxyOverride = *.local
                      IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
                      IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
                      IE: Free YouTube Download - c:\users\debbie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
                      IE: Free YouTube to MP3 Converter - c:\users\debbie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
                      IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
                      IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
                      TCP: DhcpNameServer = 192.168.0.1
                      DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
                      .
                      - - - - ORPHANS REMOVED - - - -
                      .
                      URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
                      URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
                      Toolbar-Locked - (no file)
                      Wow6432Node-HKLM-Run-DLSService - c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe
                      Toolbar-Locked - (no file)
                      HKLM-Run-ISW - (no file)
                      .
                      .
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{6E090BD5-4EF5-4bf0-A968-74049E88E935}]
                      "ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl"
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
                      "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
                      .
                      --------------------- LOCKED REGISTRY KEYS ---------------------
                      .
                      [HKEY_USERS\S-1-5-21-2872453390-2521149967-1654224917-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
                      @Denied: (2) (LocalSystem)
                      "Progid"="WindowsLiveMail.Email.1"
                      .
                      [HKEY_USERS\S-1-5-21-2872453390-2521149967-1654224917-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
                      @Denied: (2) (LocalSystem)
                      "Progid"="WindowsLiveMail.VCard.1"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                      @Denied: (A 2) (Everyone)
                      @="FlashBroker"
                      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                      "Enabled"=dword:00000001
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                      @Denied: (A 2) (Everyone)
                      @="Shockwave Flash Object"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
                      "ThreadingModel"="Apartment"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                      @="0"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                      @="ShockwaveFlash.ShockwaveFlash.10"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                      @="1.0"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                      @="ShockwaveFlash.ShockwaveFlash"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                      @Denied: (A 2) (Everyone)
                      @="Macromedia Flash Factory Object"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
                      "ThreadingModel"="Apartment"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                      @="FlashFactory.FlashFactory.1"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                      @="1.0"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                      @="FlashFactory.FlashFactory"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                      @Denied: (A 2) (Everyone)
                      @="IFlashBroker4"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                      @="{00020424-0000-0000-C000-000000000046}"
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      "Version"="1.0"
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                      @Denied: (Full) (Everyone)
                      .
                      ------------------------ Other Running Processes ------------------------
                      .
                      c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
                      c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                      c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
                      .
                      **************************************************************************
                      .
                      Completion time: 2011-11-14  20:37:36 - machine was rebooted
                      ComboFix-quarantined-files.txt  2011-11-14 20:37
                      .
                      Pre-Run: 90,532,724,736 bytes free
                      Post-Run: 90,173,460,480 bytes free
                      .
                      - - End Of File - - C911B48FE127F7266FD0A61F33ADA2ED

                      SuperDave

                      • Malware Removal Specialist


                      • Genius
                      • Thanked: 991
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 8
                      Re: virus but viral removal tools cant seem to find it
                      « Reply #12 on: November 14, 2011, 04:47:22 PM »
                      Please download Rooter and Save it to your desktop.
                      • Double click it to start the tool.Vista and Windows7 run as administrator.
                      • Click Scan.
                      • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
                      Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                      bchirpy

                        Topic Starter


                        Rookie

                        • Experience: Beginner
                        • OS: Unknown
                        Re: virus but viral removal tools cant seem to find it
                        « Reply #13 on: November 15, 2011, 01:20:51 AM »
                        Rooter.exe (v1.0.2) by Eric_71
                        .
                        SeDebugPrivilege granted successfully ...
                        .
                        Windows 7 Home Edition (6.1.7601) Service Pack 1
                        [32_bits] - AMD64 Family 16 Model 10 Stepping 0, AuthenticAMD
                        .
                        [wscsvc] (Security Center) RUNNING (state:4)
                        [MpsSvc] RUNNING (state:4)
                        Windows Firewall -> Disabled !
                        Windows Defender -> Enabled
                        User Account Control (UAC) -> Enabled
                        .
                        Internet Explorer 9.0.8112.16421
                        .
                        C:\  [Fixed-NTFS] .. ( Total:224 Go - Free:83 Go )
                        D:\  [Fixed-NTFS] .. ( Total:225 Go - Free:225 Go )
                        E:\  [CD_Rom]
                        F:\  [Removable]
                        G:\  [Removable]
                        H:\  [Removable]
                        I:\  [Removable]
                        J:\  [Removable]
                        K:\  [Removable]
                        L:\  [Fixed-NTFS] .. ( Total:931 Go - Free:843 Go )
                        Q:\  [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go )
                        .
                        Scan : 08:19.14
                        Path : C:\Users\debbie\Desktop\Rooter.exe
                        User : debbie ( Administrator -> YES )
                        .
                        ----------------------\\ Processes
                        .
                        Locked [System Process] (0)
                        Locked System (4)
                        ______ ?????????? (328)
                        ______ ?????????? (484)
                        ______ ?????????? (568)
                        ______ ?????????? (600)
                        ______ ?????????? (624)
                        ______ ?????????? (648)
                        ______ ?????????? (656)
                        ______ ?????????? (764)
                        ______ ?????????? (828)
                        ______ ?????????? (868)
                        ______ ?????????? (932)
                        ______ ?????????? (956)
                        ______ ?????????? (128)
                        ______ ?????????? (340)
                        ______ ?????????? (412)
                        ______ ?????????? (1132)
                        ______ ?????????? (1284)
                        ______ ?????????? (1292)
                        ______ ?????????? (1352)
                        ______ ?????????? (1516)
                        ______ ?????????? (1524)
                        ______ ?????????? (1732)
                        ______ ?????????? (1828)
                        ______ ?????????? (1856)
                        ______ ?????????? (1944)
                        ______ C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (1964)
                        ______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1988)
                        ______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2012)
                        ______ ?????????? (2036)
                        ______ ?????????? (1116)
                        ______ ?????????? (1876)
                        ______ ?????????? (2032)
                        ______ ?????????? (2068)
                        ______ C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (2096)
                        ______ C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (2192)
                        ______ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2516)
                        ______ ?????????? (2544)
                        ______ C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (2580)
                        ______ C:\Program Files\Acer\Acer Updater\UpdaterService.exe (2624)
                        ______ ?????????? (2676)
                        ______ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (2784)
                        ______ ?????????? (2824)
                        ______ C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3228)
                        ______ ?????????? (3472)
                        ______ ?????????? (3508)
                        ______ ?????????? (3852)
                        ______ ?????????? (3940)
                        ______ ?????????? (3964)
                        ______ ?????????? (2800)
                        ______ ?????????? (3748)
                        ______ ?????????? (3760)
                        ______ C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (1436)
                        ______ C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (3584)
                        ______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (3696)
                        ______ ?????????? (4128)
                        ______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4260)
                        ______ ?????????? (4540)
                        ______ ?????????? (4736)
                        ______ ?????????? (4824)
                        ______ ?????????? (3624)
                        ______ ?????????? (3824)
                        ______ ?????????? (5320)
                        ______ ?????????? (5772)
                        Locked C:\Program Files (x86)\Internet Explorer\iexplore.exe (5988)
                        Locked C:\Program Files (x86)\Internet Explorer\iexplore.exe (6056)
                        ______ C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (4520)
                        ______ C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe (5440)
                        ______ C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (5828)
                        ______ C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (5092)
                        ______ C:\Program Files (x86)\iTunes\iTunes.exe (3608)
                        Locked ???? (2844)
                        ______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (1036)
                        ______ ?????????? (5552)
                        ______ C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (3440)
                        ______ ?????????? (3432)
                        ______ C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (4016)
                        ______ ?????????? (4248)
                        ______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (5888)
                        ______ ?????????? (5864)
                        ______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe (1048)
                        ______ ?????????? (6116)
                        ______ ?????????? (5632)
                        ______ ?????????? (3156)
                        ______ ?????????? (5896)
                        ______ ?????????? (2552)
                        ______ ?????????? (5196)
                        ______ C:\Users\debbie\Desktop\Rooter.exe (1392)
                        .
                        ----------------------\\ Device\Harddisk0\
                        .
                        \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
                        .
                        \Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:16106127360)
                        \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:16107175936 | Length:104857600)
                        \Device\Harddisk0\Partition3 (Start_Offset:16212033536 | Length:241539481600)
                        \Device\Harddisk0\Partition4 (Start_Offset:257751515136 | Length:242288164864)
                        .
                        ----------------------\\ Scheduled Tasks
                        .
                        C:\Windows\Tasks\Epson Printer Software Downloader.job
                        C:\Windows\Tasks\Final Media Player Update Checker.job
                        C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
                        C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
                        C:\Windows\Tasks\SA.DAT
                        C:\Windows\Tasks\SCHEDLGU.TXT
                        .
                        ----------------------\\ Registry
                        .
                        .
                        ----------------------\\ Files & Folders
                        .
                        ----------------------\\ Scan completed at 08:19.27
                        .
                        C:\Rooter$\Rooter_2.txt - (15/11/2011 | 08:19.27)

                        SuperDave

                        • Malware Removal Specialist


                        • Genius
                        • Thanked: 991
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 8
                        Re: virus but viral removal tools cant seem to find it
                        « Reply #14 on: November 15, 2011, 11:49:41 AM »
                        I'd like to scan your machine with ESET OnlineScan

                        •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                        ESET OnlineScan
                        •Click the button.
                        •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                        • Click on to download the ESET Smart Installer. Save it to your desktop.
                        • Double click on the icon on your desktop.
                        •Check
                        •Click the button.
                        •Accept any security warnings from your browser.
                        •Check
                        •Push the Start button.
                        •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                        •When the scan completes, push
                        •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                        •Push the button.
                        •Push
                        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                        Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender