TechSpot

[A] Please help! 2 iexplorer.exe running problem

By carmenmiranda
Feb 5, 2012
  1. I have two iexplorer.exe running and the first one is using TONS of memory. I am sure I have a couple of issues going on. ANY help is greatly appreciated. I have attached my hijackthis.log file. Please let me know if I can give any more information that may be of help.

  2. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. carmenmiranda

    carmenmiranda Newcomer, in training Topic Starter

    MBAM Log

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.06.03

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Karen :: KAREN-PC [administrator]

    Protection: Disabled

    2/6/2012 11:03:20 AM
    mbam-log-2012-02-06 (11-03-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 236572
    Time elapsed: 9 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  4. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Go on.............
  5. carmenmiranda

    carmenmiranda Newcomer, in training Topic Starter

    Gmer

    Just performed a scan with GMER and it had a message saying that GMER did not find any system modifications (I believe that was what it said). Should it not still have given me some type of log?
  6. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    That's fine.
    Go on with DDS.
  7. carmenmiranda

    carmenmiranda Newcomer, in training Topic Starter

    DDS.txt

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by Karen at 11:10:37 on 2012-02-07
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4086.2136 [GMT -8:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\QuickTime\QTTask.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\AVG\AVG10\avgcsrvx.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\sysWow64\SearchProtocolHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uStart Page = hxxp://www.searchqu.com/102
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [AdobeBridge]
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [NPSStartup]
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{2ABFCD2B-2CF6-4F76-B952-78EAB66624D3} : NameServer = 192.168.0.1
    TCP: Interfaces\{2ABFCD2B-2CF6-4F76-B952-78EAB66624D3}\14E64616140707C656 : DhcpNameServer = 10.0.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
    BHO-X64: Searchqu Toolbar - No File
    BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
    mRun-x64: [NPSStartup]
    mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\74hfidoo.default\
    FF - prefs.js: browser.search.selectedEngine - Search Results
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/102
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Karen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-2 2343816]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-6 652360]
    R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-16 909152]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 BENDER;Pinnacle DV/AV Capture;C:\Windows\system32\drivers\bender64.sys --> C:\Windows\system32\drivers\bender64.sys [?]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
    R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-8-18 167264]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-29 1038088]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\system32\DRIVERS\S3XXx64.sys --> C:\Windows\system32\DRIVERS\S3XXx64.sys [?]
    S3 SeqCal;SeqCal;C:\Windows\system32\DRIVERS\SeqCal.sys --> C:\Windows\system32\DRIVERS\SeqCal.sys [?]
    S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\Windows\system32\DRIVERS\sscebus.sys --> C:\Windows\system32\DRIVERS\sscebus.sys [?]
    S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;C:\Windows\system32\DRIVERS\sscemdfl.sys --> C:\Windows\system32\DRIVERS\sscemdfl.sys [?]
    S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;C:\Windows\system32\DRIVERS\sscemdm.sys --> C:\Windows\system32\DRIVERS\sscemdm.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2011-5-3 16448]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-02-07 14:59:06 -------- d-----w- C:\Users\Karen\AppData\Local\{62C3D3FE-F045-4A12-8BC1-3BC16139DB2C}
    2012-02-07 14:58:40 -------- d-----w- C:\Users\Karen\AppData\Local\{614180E7-AFC4-4319-B8A5-7EBD91A2E743}
    2012-02-07 14:57:08 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
    2012-02-06 22:22:54 -------- d-----w- C:\Users\Karen\AppData\Local\{9F2EAA13-7664-42B4-B31F-C7A99B455FD0}
    2012-02-06 22:22:42 -------- d-----w- C:\Users\Karen\AppData\Local\{D6FE7DFF-939B-4636-A932-7DE381A90CA5}
    2012-02-06 21:50:25 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-02-06 18:06:58 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-02-06 18:06:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-02-06 15:04:24 -------- d-----w- C:\Users\Karen\AppData\Local\{987ABBDD-9FEE-4038-8B06-D80A71066DA3}
    2012-02-06 15:04:05 -------- d-----w- C:\Users\Karen\AppData\Local\{ECD358B0-3CCE-48B5-8F43-6AC19DC94EBD}
    2012-02-05 22:59:56 -------- d-----w- C:\Users\Karen\AppData\Local\{2C99BECF-00DA-4C8A-9127-D63D291458EC}
    2012-02-05 22:59:32 -------- d-----w- C:\Users\Karen\AppData\Local\{09B5F7CE-66A8-4CFF-BBA4-229F82E8224F}
    2012-02-05 20:01:46 750440 ------w- C:\Windows\System32\HPDiscoPM9311.dll
    2012-02-05 20:01:06 -------- d-----w- C:\Program Files (x86)\HP
    2012-02-05 20:01:05 -------- d-----w- C:\Program Files\HP
    2012-02-05 20:00:12 -------- d-----w- C:\Users\Karen\AppData\Local\HP
    2012-02-05 19:50:39 -------- d-----w- C:\Users\Karen\AppData\Local\{7E7CA227-C405-4F76-9235-177A18FF1802}
    2012-02-05 19:50:17 -------- d-----w- C:\Users\Karen\AppData\Local\{37D3693D-C4EB-4930-968A-40B1C0753946}
    2012-02-05 18:30:21 -------- d-----w- C:\Users\Karen\AppData\Local\{730FF914-CCAF-45EB-9A3C-28E5331621D0}
    2012-02-05 18:30:10 -------- d-----w- C:\Users\Karen\AppData\Local\{FF270B10-0F2C-4144-802D-E825F57C343E}
    2012-02-05 17:38:59 388096 ----a-r- C:\Users\Karen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-05 17:38:59 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-02-05 17:16:34 -------- d-----w- C:\Users\Karen\AppData\Local\{BF603BFC-82BF-47C7-8D83-8E88A874EF36}
    2012-02-05 17:16:06 -------- d-----w- C:\Users\Karen\AppData\Local\{0249FA9E-75C2-4712-8DE6-4230621E1A64}
    2012-02-04 17:56:51 -------- d-----w- C:\Users\Karen\AppData\Local\{07C83114-D5CA-4F0E-9120-454CC9E4D96A}
    2012-02-04 17:56:24 -------- d-----w- C:\Users\Karen\AppData\Local\{9915759A-599D-4E88-97EC-E8D159AB4BD9}
    2012-02-04 15:31:50 -------- d-----w- C:\Users\Karen\AppData\Local\{1E05CA7E-436A-4A8E-A779-2F811B3C7F02}
    2012-02-04 15:31:26 -------- d-----w- C:\Users\Karen\AppData\Local\{92DA8D90-D3D6-41C0-9A71-D34A5750459D}
    2012-02-03 17:47:28 -------- d-----w- C:\Users\Karen\AppData\Local\{82442066-2384-4789-962C-A4A5502072C5}
    2012-02-03 17:47:07 -------- d-----w- C:\Users\Karen\AppData\Local\{3BD7C99F-26F7-4487-B5DE-01975C591ED1}
    2012-02-03 17:46:38 -------- d-----w- C:\Users\Karen\AppData\Local\{EBF00752-7605-4EE6-B69E-1B477DD4253F}
    2012-02-03 17:46:10 -------- d-----w- C:\Users\Karen\AppData\Local\{AE4361AE-D72C-43A0-BBFD-A7580E7C39A0}
    2012-02-03 17:40:49 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    2012-02-03 15:09:33 -------- d-----w- C:\Users\Karen\AppData\Local\{1F9B9764-3EF1-428F-9CAE-F2AC13B96BDC}
    2012-02-03 15:08:57 -------- d-----w- C:\Users\Karen\AppData\Local\{922D7D8F-766D-40DC-8495-EB4D82B324B3}
    2012-02-02 15:00:54 -------- d-----w- C:\Users\Karen\AppData\Local\{CB23143E-781E-4515-B30E-BC5434874E2A}
    2012-02-02 15:00:29 -------- d-----w- C:\Users\Karen\AppData\Local\{C52C9DCC-02CD-46A4-A683-5A0CC51A85B9}
    2012-02-02 01:05:26 -------- d-----w- C:\ProgramData\Propellerhead Software
    2012-02-01 15:10:41 -------- d-----w- C:\Users\Karen\AppData\Local\{ECAD6804-93B0-4B0B-BF90-E84834901ED0}
    2012-02-01 15:10:11 -------- d-----w- C:\Users\Karen\AppData\Local\{91D9325F-2088-4B88-8937-ACA782777549}
    2012-02-01 05:06:47 -------- d-----w- C:\Users\Karen\AppData\Local\{07A6539A-8F5A-429B-B0DA-7A437001325B}
    2012-02-01 05:06:32 -------- d-----w- C:\Users\Karen\AppData\Local\{FE7D854E-F731-4ADA-A048-5D941480E4A3}
    2012-01-31 19:07:16 -------- d-----w- C:\Users\Karen\AppData\Local\{6180AF0A-A970-4CF6-9D44-A854B35C7489}
    2012-01-31 19:07:05 -------- d-----w- C:\Users\Karen\AppData\Local\{A7D86378-C22E-45E1-A4FA-3F506ABCA10E}
    2012-01-31 17:22:19 -------- d-----w- C:\Users\Karen\AppData\Local\{4FCFB2EF-1486-4CFA-A1FE-CAE35F7CF989}
    2012-01-31 17:21:51 -------- d-----w- C:\Users\Karen\AppData\Local\{34CEDEB6-4759-4BE6-8054-2837CB8DFA0C}
    2012-01-31 15:34:42 -------- d-----w- C:\Users\Karen\AppData\Local\{C4C33698-E70D-4DF4-B144-3DF61FA9EC5E}
    2012-01-31 15:34:16 -------- d-----w- C:\Users\Karen\AppData\Local\{BADC9516-080C-4ED7-A153-92647CE3FC52}
    2012-01-31 02:53:41 -------- d-----w- C:\Program Files (x86)\Propellerhead
    2012-01-30 21:17:25 -------- d-----w- C:\Users\Karen\AppData\Local\{5B908B0C-2F5E-486A-8D2E-8CE4466B0C33}
    2012-01-30 21:17:13 -------- d-----w- C:\Users\Karen\AppData\Local\{B8129A6A-9914-4B33-A971-4CB43C211CFD}
    2012-01-30 15:16:37 -------- d-----w- C:\Users\Karen\AppData\Local\{9064B00C-0779-4338-8521-623A97279E18}
    2012-01-30 15:16:07 -------- d-----w- C:\Users\Karen\AppData\Local\{02F39CCB-7261-4BD0-B4B2-4E0377F8BACB}
    2012-01-30 00:23:56 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
    2012-01-30 00:23:31 -------- d-----w- C:\Program Files (x86)\VstPlugins
    2012-01-30 00:23:19 1294336 ----a-w- C:\Windows\SysWow64\vorbis.acm
    2012-01-30 00:23:12 -------- d-----w- C:\Program Files (x86)\Outsim
    2012-01-30 00:22:36 -------- d-----w- C:\Program Files (x86)\Image-Line
    2012-01-29 23:53:46 -------- d-----w- C:\Program Files (x86)\Sony
    2012-01-29 23:52:55 -------- d-----w- C:\Program Files (x86)\Sony Setup
    2012-01-29 15:28:11 -------- d-----w- C:\Users\Karen\AppData\Local\{0D6763BE-B5E8-4159-88BC-70EFEF3358E7}
    2012-01-29 15:27:55 -------- d-----w- C:\Users\Karen\AppData\Local\{65733AFA-C3EA-4252-AB7F-BB33FCC6085A}
    2012-01-28 19:04:30 -------- d-----w- C:\Users\Karen\AppData\Local\{AE62C747-8362-46CB-87C1-A143EC16A79D}
    2012-01-28 19:04:19 -------- d-----w- C:\Users\Karen\AppData\Local\{E47064CB-0A5A-401B-A630-AEB04559E5FD}
    2012-01-28 15:47:34 -------- d-----w- C:\Users\Karen\AppData\Local\{8514530B-648E-4DAC-9E38-81D065EA94A0}
    2012-01-28 15:47:21 -------- d-----w- C:\Users\Karen\AppData\Local\{66CEB986-F355-4D81-B3A6-097B5DD10CCA}
    2012-01-28 07:29:42 -------- d-sh--w- C:\Windows\ftpcache
    2012-01-28 07:29:24 -------- d-----w- C:\Users\Karen\AppData\Local\jZip
    2012-01-28 07:28:52 -------- d-----w- C:\ProgramData\boost_interprocess
    2012-01-28 07:28:49 -------- d-----w- C:\Program Files (x86)\jZip
    2012-01-28 07:26:57 -------- d-----w- C:\Users\Karen\AppData\Local\{9CCA3521-5315-487E-93B4-1CD22D6C6269}
    2012-01-28 07:26:45 -------- d-----w- C:\Users\Karen\AppData\Local\{8302E057-9BC2-416D-A00E-CBD21054A3E7}
    2012-01-28 07:00:10 -------- d-----w- C:\Users\Karen\AppData\Roaming\Malwarebytes
    2012-01-28 07:00:03 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-01-28 06:56:17 -------- d-----w- C:\Users\Karen\AppData\Local\{9DBB9CFA-B2E0-4B8B-8D4A-AF5F4001E1C6}
    2012-01-28 06:56:02 -------- d-----w- C:\Users\Karen\AppData\Local\{38680F54-EB98-44F8-934A-7671BE084D6B}
    2012-01-27 15:23:07 -------- d-----w- C:\Users\Karen\AppData\Local\{20BF8473-DA75-45F5-9E0E-CB06C53E9389}
    2012-01-27 15:21:58 -------- d-----w- C:\Users\Karen\AppData\Local\{C48F130B-D2B2-46B9-8108-27501FACBDB7}
    2012-01-26 15:29:11 -------- d-----w- C:\Users\Karen\AppData\Local\{2D875082-A2EA-4BC6-9E8F-E9CD69B52C0A}
    2012-01-26 15:27:51 -------- d-----w- C:\Users\Karen\AppData\Local\{4178238D-9C5D-4327-8682-B91BC6D71282}
    2012-01-26 01:40:18 -------- d-----w- C:\Windows\9013B37099D4404B9DB9779B51CEB5FF.TMP
    2012-01-25 15:31:45 -------- d-----w- C:\Users\Karen\AppData\Local\{E9AB48A2-B460-4D02-A01B-3CD4594C3729}
    2012-01-25 15:30:32 -------- d-----w- C:\Users\Karen\AppData\Local\{2EAF90D0-9FCA-42EC-860C-C0C9906CE201}
    2012-01-24 21:18:27 -------- d-----w- C:\Users\Karen\AppData\Local\{579ABABF-D2E2-478B-AAE5-18212B4C6AB7}
    2012-01-24 21:18:08 -------- d-----w- C:\Users\Karen\AppData\Local\{A560CB50-C4B4-4541-B1E1-A0963EDA819A}
    2012-01-24 15:38:18 -------- d-----w- C:\Users\Karen\AppData\Local\{2AA0239F-6DF7-407F-9855-1BCEBE9057CF}
    2012-01-24 15:37:22 -------- d-----w- C:\Users\Karen\AppData\Local\{DAFE4BBA-0FC8-4E98-AF9C-721C58473B5A}
    2012-01-23 15:37:46 -------- d-----w- C:\Users\Karen\AppData\Local\{BBF9DC2A-33A1-40D8-B557-7FF3687CEAF9}
    2012-01-23 15:37:02 -------- d-----w- C:\Users\Karen\AppData\Local\{5D2773D4-2CFC-45E4-B83C-DADC09324F48}
    2012-01-22 17:25:55 -------- d-----w- C:\Users\Karen\AppData\Local\{20115741-F92F-4811-B9B5-BC3880C7CE63}
    2012-01-22 17:25:39 -------- d-----w- C:\Users\Karen\AppData\Local\{1750F63B-6D36-4290-89BA-83A077E2FC86}
    2012-01-21 15:00:53 -------- d-----w- C:\Users\Karen\AppData\Local\{C757AA93-61EF-44FE-9C4D-4A4AFF737209}
    2012-01-21 14:59:19 -------- d-----w- C:\Users\Karen\AppData\Local\{29B40D24-D947-49E2-A5E4-CD3FF1D6635A}
    2012-01-21 02:45:48 -------- d-----w- C:\Users\Karen\AppData\Local\{3528AC22-1730-40F7-914E-FF61B2F130C4}
    2012-01-21 02:45:17 -------- d-----w- C:\Users\Karen\AppData\Local\{A8653AB2-BE0E-4743-B2F7-C334EE7B32B8}
    2012-01-20 15:46:15 -------- d-----w- C:\Users\Karen\AppData\Local\{E0FA9BCA-412F-42C7-A4C1-1FDD5010BA94}
    2012-01-20 15:45:17 -------- d-----w- C:\Users\Karen\AppData\Local\{2EB558F2-1C02-4C1C-B570-61D33213272C}
    2012-01-19 23:21:05 -------- d-----w- C:\Users\Karen\AppData\Local\{B893963F-E2CA-4C5E-B377-D9F54CC7B6CE}
    2012-01-19 21:51:53 -------- d-----w- C:\Users\Karen\AppData\Local\{12964A0A-BC26-4AC1-85E8-625C9F273653}
    2012-01-19 21:50:13 -------- d-----w- C:\Users\Karen\AppData\Local\{EF9023EE-5FF4-491C-B1CF-16D92C08621C}
    2012-01-19 15:56:21 -------- d-----w- C:\Users\Karen\AppData\Local\{F086083D-A2B2-47AF-B790-0D5E3947BA05}
    2012-01-19 15:55:25 -------- d-----w- C:\Users\Karen\AppData\Local\{F69EBA50-0C5D-498C-AD87-5295438BF6F3}
    2012-01-18 16:27:37 -------- d-----w- C:\Users\Karen\AppData\Local\{CCCFC85A-E8AF-42CF-AE70-C2D1B16542DC}
    2012-01-18 16:26:24 -------- d-----w- C:\Users\Karen\AppData\Local\{ECBF8F1F-C922-4FD0-B706-4CFEA92E2871}
    2012-01-17 16:15:15 -------- d-----w- C:\Users\Karen\AppData\Local\{5EED7E19-3EC5-4356-BD1C-0DAE6D92E4A6}
    2012-01-17 16:14:54 -------- d-----w- C:\Users\Karen\AppData\Local\{BFF345BF-21C0-49FA-8C04-E144DFC0CEE2}
    2012-01-16 17:37:39 -------- d-----w- C:\Users\Karen\AppData\Local\{27BDB1C0-B43C-4CAB-87C5-D7E100618B73}
    2012-01-16 17:37:26 -------- d-----w- C:\Users\Karen\AppData\Local\{695DDDB8-7290-42C4-AD2A-A184D21E096D}
    2012-01-16 17:36:37 -------- d-----w- C:\Users\Karen\AppData\Local\{59807320-AA63-483A-8B25-1076077987BC}
    2012-01-16 17:36:26 -------- d-----w- C:\Users\Karen\AppData\Local\{763C6A33-DB19-4669-ACA3-168923934DE9}
    2012-01-15 15:17:51 -------- d-----w- C:\Users\Karen\AppData\Local\{4598DB42-121D-4479-AF6E-7F25F7F33F60}
    2012-01-15 15:16:58 -------- d-----w- C:\Users\Karen\AppData\Local\{BD26A32E-24B3-4973-AE68-2B5DF93D4ECF}
    2012-01-15 03:52:20 -------- d-----w- C:\Users\Karen\AppData\Local\{DF5C6D4B-4A04-4601-B170-F4218CB92306}
    2012-01-15 03:52:09 -------- d-----w- C:\Users\Karen\AppData\Local\{65267901-3E9B-42C0-BAB1-CEB2FB5F5366}
    2012-01-14 15:10:10 -------- d-----w- C:\Users\Karen\AppData\Local\{983B880F-7193-446A-ACC9-92D36E6563B5}
    2012-01-14 15:08:56 -------- d-----w- C:\Users\Karen\AppData\Local\{A9577180-024B-4C07-8406-13AB3667044C}
    2012-01-14 06:12:43 -------- d-----w- C:\Program Files (x86)\EA GAMES
    2012-01-13 21:36:56 -------- d-----w- C:\Users\Karen\AppData\Local\{A07D34C8-24E9-490A-8E3A-FDF441091656}
    2012-01-13 21:36:44 -------- d-----w- C:\Users\Karen\AppData\Local\{55248236-AF40-4DA6-ABCE-B632D0BEC197}
    2012-01-13 15:19:27 -------- d-----w- C:\Users\Karen\AppData\Local\{5EAC4663-C2DB-4485-A870-38BBD5749F26}
    2012-01-13 15:19:01 -------- d-----w- C:\Users\Karen\AppData\Local\{596827A4-2C1A-4873-AA5B-C93D5D534ACC}
    2012-01-12 15:29:06 -------- d-----w- C:\Users\Karen\AppData\Local\{1653D20D-CB26-46B0-BEA0-2E5BCFE5DF26}
    2012-01-12 15:28:41 -------- d-----w- C:\Users\Karen\AppData\Local\{B5B00941-0B86-42BE-A68A-1B4A8F2F9F98}
    2012-01-11 15:41:20 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-01-11 15:41:20 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-01-11 15:41:19 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-01-11 15:41:19 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-01-11 15:41:17 1739160 ----a-w- C:\Windows\System32\ntdll.dll
    2012-01-11 15:41:17 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-01-11 15:41:16 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-01-11 15:41:16 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-01-11 15:35:24 -------- d-----w- C:\Users\Karen\AppData\Local\{1CCD98D6-E4A6-49F7-A772-1D963C0D3560}
    2012-01-11 15:35:06 -------- d-----w- C:\Users\Karen\AppData\Local\{517EE2D1-E3F1-4113-B361-8149DE101BFD}
    2012-01-10 15:37:03 -------- d-----w- C:\Users\Karen\AppData\Local\{9E3F0AA6-B375-48A6-8312-41833042C492}
    2012-01-10 15:36:39 -------- d-----w- C:\Users\Karen\AppData\Local\{4785875F-4883-475C-98BC-30C754438CB4}
    2012-01-09 15:50:33 -------- d-----w- C:\Users\Karen\AppData\Local\{5F6C6190-7068-4D05-8FF1-F0B95A64E744}
    2012-01-09 15:50:21 -------- d-----w- C:\Users\Karen\AppData\Local\{A963A06A-44C8-4B66-93BB-F8754F7F1398}
    .
    ==================== Find3M ====================
    .
    2011-12-16 22:05:59 627600 ----a-w- C:\Windows\System32\deployJava1.dll
    2011-12-16 21:54:10 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-12-16 02:07:21 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-12-16 02:07:21 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-12-16 01:18:47 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-12-10 22:14:57 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
    2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
    2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
    2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
    2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
    2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
    2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
    2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
    2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
    2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2011-11-13 17:20:19 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 11:11:43.59 ===============
  8. carmenmiranda

    carmenmiranda Newcomer, in training Topic Starter

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume3
    Install Date: 10/28/2010 9:01:28 PM
    System Uptime: 2/7/2012 8:32:46 AM (3 hours ago)
    .
    Motherboard: Intel Corporation | | DP55WG
    Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | LGA 1156 | 2661/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 255.128 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 234 GiB total, 26.238 GiB free.
    F: is FIXED (NTFS) - 932 GiB total, 670.703 GiB free.
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP261: 2/4/2012 8:14:35 PM - 2/4/12-8:14 pm
    RP262: 2/5/2012 9:38:29 AM - Installed HiJackThis
    RP263: 2/5/2012 9:59:59 AM - Installed HiJackThis
    RP264: 2/5/2012 11:05:01 AM - Removed Battlefield 1942: The Road To Rome
    RP265: 2/5/2012 11:05:40 AM - Removed Battlefield 1942: Secret Weapons of WWII
    RP266: 2/5/2012 11:06:20 AM - Removed Battlefield 1942
    RP267: 2/6/2012 2:10:32 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.4.6
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    APB Reloaded
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    AutoHotkey 1.0.48.05
    Battlelog Web Plugins
    CameraHelperMsi
    Collab
    Connect
    CraftBukkit
    D3DX10
    Daniusoft MP3 WAV Converter(Build 2.3.1.0)
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    erLT
    ESN Sonar
    Eye-One Match 3.6.2
    Facebook Video Calling 1.1.1.1
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    HP Deskjet 3050 J610 series Help
    i1_driver_installer_utility_i1Match version 1.0
    IL Download Manager
    J2SE Development Kit 5.0
    J2SE Development Kit 5.0 Update 22
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 22
    Japanese Fonts Support For Adobe Reader 9
    Java Auto Updater
    Java(TM) 6 Update 30
    Junk Mail filter update
    jZip
    Killing Floor
    kuler
    LeapFrog Connect
    LeapFrog My Pals Plugin
    Logitech Vid
    Logitech Webcam Software
    LogMeIn Hamachi
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Video Mask Maker
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.60.1.1000
    Men of War: Assault Squad
    Mesh Runtime
    Messenger Companion
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft PowerPoint Viewer
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 4.0
    Mozilla Firefox 6.0.1 (x86 en-US)
    MSI Wireless LAN Card
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    NVIDIA PhysX
    PDF Settings CS4
    Photoshop Camera Raw
    PoiZone
    Portal
    Portforward Static IP Address 1.0.45
    Portrait Professional 10.1 Trial
    PunkBuster Services
    QuickTime
    Rise of Immortals
    ROES.whcc
    Rusty Hearts
    Samsung New PC Studio
    Security Task Manager 1.8d
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Sid Meier's Civilization V
    Skype Click to Call
    Skype™ 5.5
    Sony Media Manager 2.2
    Spiral Knights
    Steam
    Stella 3.1.2
    Suite Shared Configuration CS4
    Team Fortress 2
    Terraria
    The Elder Scrolls IV: Oblivion
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
    VC90_CRT_x64
    virtualPhotographer 1.5.6
    Visual Studio 2008 x64 Redistributables
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WModem Driver Installer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/7/2012 6:57:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
    2/7/2012 6:57:14 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/7/2012 6:57:13 AM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2/7/2012 6:56:43 AM, Error: Service Control Manager [7000] - The PDIHWCTL service failed to start due to the following error: The system cannot find the file specified.
    2/6/2012 5:52:23 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
    2/5/2012 4:53:17 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ACER-E817FAE0D8 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2ABFCD2B-2CF6-4F76-B952-78EAB66624D3}. The master browser is stopping or an election is being forced.
    2/3/2012 9:49:42 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    2/2/2012 9:18:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    .
    ==== End Of File ===========================
  9. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===========================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.