Hi,
I have tried to follow steps I have read online regarding removal of the AV Guard Online malware. I have Google redirect issues sending me to spam websites. The LAN settings did not have the proxy setting checked, and I tried running TDSS and nothing malicious is found. Once I run Malwarebytes, the scan stops after 30 seconds and closes the program. My antivirus program keeps turning off and asking me to fix the status. Once I change the status, it requires me to restart my computer. Please help! See below for the DDS log and the Attach.txt log. I cannot run GMER because I have 64-bit Windows Vista, so I did not attach the file from GMER, as this froze my computer.
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19120
Run by Home at 20:52:29 on 2011-10-10
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3066.2373 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\3951070527:3228729108.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\winsett.exe
C:\Windows\system32\winsett.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\explorer.exe
C:\Users\Home\AppData\Local\Temp\winsett.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = Preserve
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: c:\windows\system32\a0xzg.dll: {d3a152c1-a201-90bd-b821-04b53a2c8952} - c:\windows\system32\a0xzg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Aim6]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Windows Auto Config] c:\users\home\appdata\local\temp\winsett.exe
uRun: [Windows Defragment] c:\windows\winsett.exe
uRun: [System Cleanup] c:\windows\system32\winsett.exe
uRun: [Spyware Doctor with AntiVirus] c:\users\home\desktop\sdasetup_revwire207.exe -min
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [volmgr] c:\windows\system32\config\systemprofile\appdata\local\volmgr.exe
mRun: [cftmon] c:\windows\system32\fbjx.exe
mRun: [MqmPdb] c:\windows\temp\he7qc.exe
mRun: [MqmPvB] c:\windows\temp\yoof40t.exe
mRun: [MqmPcc] c:\windows\temp\f0koqen.exe
mRun: [Windows Auto Config] c:\users\home\appdata\local\temp\winsett.exe
mRun: [Windows Defragment] c:\windows\winsett.exe
mRun: [System Cleanup] c:\windows\system32\winsett.exe
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [MqmPdb] c:\windows\temp\he7qc.exe
dRun: [MqmPvB] c:\windows\temp\yoof40t.exe
dRun: [MqmPcc] c:\windows\temp\f0koqen.exe
StartupFolder: c:\users\home\appdata\roaming\microsoft\windows\start menu\programs\startup\crss.exe
StartupFolder: c:\users\home\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: microsoft.com\office
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/jdk/6u12-b04/jinstall-6u12-windows-i586-jc.cab?e=1235666869495&h=7f0741001e661d1bc55d92bc619b51e0/&filename=jinstall-6u12-windows-i586-jc.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.74.166 68.87.68.166
TCP: Interfaces\{74DEFE3F-39CD-4C3C-BA38-21F4073BE24A} : DhcpNameServer = 68.87.74.166 68.87.68.166
TCP: Interfaces\{AFFA35B4-D23B-40D8-B629-64AA5A8B21DF} : DhcpNameServer = 68.87.74.166 68.87.68.166
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
STS: c:\windows\system32\a0xzg.dll: {d3a152c1-a201-90bd-b821-04b53a2c8952} - c:\windows\system32\a0xzg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 74.55.76.230 www.google-analytics.com.
Hosts: 74.55.76.230 ad-emea.doubleclick.net.
Hosts: 74.55.76.230 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-26 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-24 461864]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-10-9 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-10-9 338880]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-31 64712]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-31 164776]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-31 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-31 160344]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-31 148520]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-12-24 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-12-24 203264]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-31 338040]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-12-24 3663360]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
S2 5016;5016;c:\users\home\appdata\local\temp\5016.sys [2011-10-9 133120]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f091b975\AEstSrv.exe [2008-12-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate1ca932fbab02360;Google Update Service (gupdate1ca932fbab02360);c:\program files\google\update\GoogleUpdate.exe [2010-1-11 133104]
S2 inewnetwork;Network Location Awarenes(NLA);c:\windows\system32\svchost.exe -k inetswork [2008-1-20 21504]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-31 214904]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-31 214904]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-31 166024]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-10-9 366840]
S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-10-9 1150936]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-31 57432]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-24 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-11 133104]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-24 180072]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-24 59288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-31 87808]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-24 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-24 40552]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-12-24 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-12-24 277440]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-11 00:19:50 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{76beb441-b54f-419c-9377-f1f280ac7587}\offreg.dll
2011-10-10 03:32:51 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-10-10 03:32:51 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-10-10 03:32:51 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-10-10 03:32:51 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-10-10 03:32:49 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-10-10 03:32:49 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-10-10 03:32:47 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-10-10 03:32:43 -------- d-----w- c:\users\home\appdata\roaming\PC Tools
2011-10-10 03:32:43 -------- d-----w- c:\program files\PC Tools Security
2011-10-10 03:32:43 -------- d-----w- c:\program files\common files\PC Tools
2011-10-10 03:31:39 -------- d-----w- c:\programdata\PC Tools
2011-10-10 02:59:46 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-10 02:51:50 18944 ---h--w- c:\windows\winsett.exe
2011-10-10 02:51:50 18944 ---h--w- c:\windows\system32\winsett.exe
2011-10-09 22:13:17 7680 ----a-w- c:\windows\system\svchost.exe
2011-10-09 22:12:36 53248 ----a-w- c:\windows\system32\Irmonv32.dll
2011-10-09 22:11:10 50000 ----a-w- c:\windows\system32\a0xzg.dll
2011-10-09 22:10:30 440320 ----a-w- c:\windows\system32\fbjx.exe
2011-10-09 22:10:29 440320 ----a-w- c:\windows\system32\loff.exe
2011-10-09 22:10:28 440320 ----a-w- c:\windows\system32\bwdzm.exe
2011-10-09 22:10:26 440320 ----a-w- c:\windows\system32\zvotb.exe
2011-10-09 22:10:26 440320 ----a-w- c:\windows\system32\xwqfl.exe
2011-10-09 22:10:24 440320 ----a-w- c:\windows\system32\ocos.exe
2011-10-09 22:10:04 53248 ----a-w- c:\windows\system32\Iasv32.dll
2011-10-09 22:10:02 53248 ----a-w- c:\windows\system32\FastUv32.dll
2011-10-09 22:09:58 220160 ----a-w- c:\windows\system32\inetsw32.dll
2011-10-09 22:09:55 50000 ----a-w- c:\windows\system32\swudgior.dll
2011-10-09 22:09:54 50000 ----a-w- c:\windows\system32\y2s015mz.dll
2011-10-09 19:15:52 -------- d-----w- c:\users\home\appdata\roaming\VkIIVVrlO
2011-10-09 19:15:51 -------- d-----w- c:\users\home\appdata\roaming\GyyxAAdWjYekVzN
2011-10-09 19:15:49 -------- d-----w- c:\users\home\appdata\roaming\Y5Q6KTjCeBz2FQ6
2011-10-09 19:15:47 -------- d-----w- c:\users\home\appdata\roaming\OfffRL99hX
2011-10-09 18:59:04 -------- d-----w- c:\users\home\appdata\roaming\hmGG55sQJ6dE89X
2011-10-09 18:58:59 -------- d-----w- c:\users\home\appdata\roaming\eXXXwjjUVelBtPN
2011-10-09 18:58:59 -------- d-----w- c:\users\home\appdata\roaming\bsQJ7dEEK8RZ9Yj
2011-10-09 18:58:58 -------- d-----w- c:\users\home\appdata\roaming\b55ssQJ77EK8gZh
2011-10-09 18:54:27 3042304 ----a-w- c:\windows\system32\ONt0ucS2iDp4Q6W.exe
2011-10-09 18:51:30 -------- d-----w- c:\programdata\WSTB
2011-10-09 18:51:14 3042304 ----a-w- c:\windows\system32\FELL88gTZ.exe
2011-10-09 18:32:16 -------- d-----w- c:\users\home\appdata\roaming\tGGG4aaQH6sK7EL
2011-10-09 18:32:15 -------- d-----w- c:\users\home\appdata\roaming\A000uccS2ib3
2011-10-09 18:32:07 69120 ----a-w- c:\users\home\appdata\roaming\microsoft\windows\start menu\programs\startup\crss.exe
2011-10-09 18:32:06 -------- d-----w- c:\users\home\appdata\roaming\d777fEEL8gTqhCw
2011-10-09 18:32:06 -------- d-----w- c:\users\home\appdata\roaming\BPP00yccS1iD3nF
2011-10-07 11:49:42 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{76beb441-b54f-419c-9377-f1f280ac7587}\mpengine.dll
2011-09-15 23:55:55 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-10-11 00:35:43 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-15 14:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 14:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 14:00:06 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 14:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 14:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 14:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 14:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 14:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 14:00:06 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 14:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-23 00:05:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:54:36.08 ===============
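As an added example for reading a log like the one above (not part of the original post, and not code from the DDS tool): a small Python triage script that applies the checks a helper would otherwise run by eye over the "Pseudo HJT Report" and services sections. It flags autostarts that run from a temp directory, binaries with short random-looking names, names that imitate core system binaries (crss.exe for csrss, the cftmon label for ctfmon), a process path that names an NTFS alternate data stream, hosts-file entries that point a public hostname at a non-local address, and policies that lock the user out of regedit or Folder Options. The sample lines are copied from the log above; the rules, thresholds and the list of system binary names are this example's own heuristics, not anything the post or DDS defines.

```python
"""Triage helper for a DDS log: flag autostart entries, services, policies
and hosts lines that match common malware indicators.

Added example for reading the DDS log in the post above; it is not part of
the original post or of the DDS tool. The sample lines are copied from that
log; the indicator rules below are this example's own heuristics.
"""
import re
from collections import Counter

# Constructed sample: lines lifted from the DDS log above, plus two clean
# lines (svchost, McAfee driver) so the rules have something to ignore.
SAMPLE_LOG = r"""
C:\Windows\3951070527:3228729108.exe
C:\Windows\system32\svchost.exe -k netsvcs
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Windows Auto Config] c:\users\home\appdata\local\temp\winsett.exe
mRun: [cftmon] c:\windows\system32\fbjx.exe
mRun: [MqmPdb] c:\windows\temp\he7qc.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
StartupFolder: c:\users\home\appdata\roaming\microsoft\windows\start menu\programs\startup\crss.exe
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
BHO: c:\windows\system32\a0xzg.dll: {d3a152c1-a201-90bd-b821-04b53a2c8952} - c:\windows\system32\a0xzg.dll
Hosts: 74.55.76.230 www.google-analytics.com.
S2 5016;5016;c:\users\home\appdata\local\temp\5016.sys [2011-10-9 133120]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-24 461864]
"""

# Assumed lists: core Windows process names that malware likes to imitate,
# and Explorer/system policies that hinder manual cleanup when set to 1.
SYSTEM_BINARIES = {"csrss", "lsass", "svchost", "ctfmon", "winlogon",
                   "explorer", "services", "smss", "wininit", "lsm"}
LOCKDOWN_POLICIES = {"DisableRegistryTools", "NoFolderOptions",
                     "DisableTaskMgr", "DisableCMD"}
LOCAL_IPS = {"127.0.0.1", "::1", "0.0.0.0"}

PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]*?\.(?:exe|dll|sys)', re.IGNORECASE)
LABEL_RE = re.compile(r'\[([^\]]+)\]')            # Run-key value name
HOSTS_RE = re.compile(r'^Hosts:\s+(\S+)\s+(\S+)')
POLICY_RE = re.compile(r'Policies-\w+:\s+(\w+)\s*=\s*(\d+)')
SERVICE_RE = re.compile(r'^[RS]\d\s+([^;]+);')    # R0/S2 ... lines
RANDOM_RE = re.compile(r'[a-z0-9]{3,8}')


def stem_of(path):
    """'c:\\windows\\temp\\he7qc.exe' -> 'he7qc' (lower-cased)."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def mimicked_binary(name):
    """Return the system binary this name imitates, if any: same letters with
    at most one character added or dropped. Catches 'crss' (csrss) and the
    transposition 'cftmon' (ctfmon); an exact system name is not a mimic."""
    name = name.lower()
    if name in SYSTEM_BINARIES:
        return None
    for real in SYSTEM_BINARIES:
        extra = Counter(name) - Counter(real)
        missing = Counter(real) - Counter(name)
        if sum(extra.values()) + sum(missing.values()) <= 1:
            return real
    return None


def looks_random(stem):
    """Short names made of digits or consonants only (fbjx, he7qc, a0xzg, 5016)."""
    if not RANDOM_RE.fullmatch(stem) or stem in SYSTEM_BINARIES:
        return False
    return any(c.isdigit() for c in stem) or not any(c in "aeiouy" for c in stem)


def reasons_for(line):
    """Apply every indicator rule to one DDS line; empty list = nothing flagged."""
    reasons = []
    for label in LABEL_RE.findall(line):
        real = mimicked_binary(label)
        if real:
            reasons.append(f"autostart label '{label}' mimics system binary '{real}'")
    for path in dict.fromkeys(PATH_RE.findall(line)):   # dedupe, keep order
        if ":" in path[2:]:                              # colon after the drive letter
            reasons.append(f"{path} names an NTFS alternate data stream")
        if "\\temp\\" in path.lower():
            reasons.append(f"{path} runs from a temp directory")
        stem = stem_of(path)
        if looks_random(stem):
            reasons.append(f"{path} has a short random-looking name")
        real = mimicked_binary(stem)
        if real:
            reasons.append(f"{path} mimics system binary '{real}'")
    m = HOSTS_RE.match(line)
    if m and m.group(1) not in LOCAL_IPS:
        reasons.append(f"hosts file redirects {m.group(2).rstrip('.')} to {m.group(1)}")
    m = POLICY_RE.search(line)
    if m and m.group(1) in LOCKDOWN_POLICIES and m.group(2) != "0":
        reasons.append(f"policy {m.group(1)} locks the user out of a recovery tool")
    m = SERVICE_RE.match(line)
    if m and m.group(1).strip().isdigit():
        reasons.append(f"service name '{m.group(1)}' is purely numeric")
    return reasons


def triage(log_text):
    """Map each flagged line of a DDS log to its list of reasons."""
    flagged = {}
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            reasons = reasons_for(line)
            if reasons:
                flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG).items():
        print(line)
        for r in why:
            print("   -", r)
```

On the sample, the two clean lines (the real svchost and the McAfee mfehidk driver) pass, while every other line gets at least one reason; the 5016 service collects three (temp directory, random name, numeric service name). The rules are deliberately loose heuristics for prioritising what to submit to a helper or a file scanner, not a verdict: a hit such as "random-looking name" on a legitimate OEM binary is possible, and a miss is equally possible for a well-named file in Program Files, so a hash lookup of each flagged path should follow.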
S2 gupdate1ca932fbab02360;Google Update Service (gupdate1ca932fbab02360);c:\program files\google\update\GoogleUpdate.exe [2010-1-11 133104]
S2 inewnetwork;Network Location Awarenes(NLA);c:\windows\system32\svchost.exe -k inetswork [2008-1-20 21504]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-31 214904]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-31 214904]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-31 166024]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-10-9 366840]
S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-10-9 1150936]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-31 57432]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-24 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-11 133104]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-24 180072]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-24 59288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-31 87808]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-24 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-24 40552]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-12-24 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-12-24 277440]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-11 00:19:50 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{76beb441-b54f-419c-9377-f1f280ac7587}\offreg.dll
2011-10-10 03:32:51 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-10-10 03:32:51 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-10-10 03:32:51 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-10-10 03:32:51 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-10-10 03:32:49 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-10-10 03:32:49 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-10-10 03:32:47 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-10-10 03:32:43 -------- d-----w- c:\users\home\appdata\roaming\PC Tools
2011-10-10 03:32:43 -------- d-----w- c:\program files\PC Tools Security
2011-10-10 03:32:43 -------- d-----w- c:\program files\common files\PC Tools
2011-10-10 03:31:39 -------- d-----w- c:\programdata\PC Tools
2011-10-10 02:59:46 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-10 02:51:50 18944 ---h--w- c:\windows\winsett.exe
2011-10-10 02:51:50 18944 ---h--w- c:\windows\system32\winsett.exe
2011-10-09 22:13:17 7680 ----a-w- c:\windows\system\svchost.exe
2011-10-09 22:12:36 53248 ----a-w- c:\windows\system32\Irmonv32.dll
2011-10-09 22:11:10 50000 ----a-w- c:\windows\system32\a0xzg.dll
2011-10-09 22:10:30 440320 ----a-w- c:\windows\system32\fbjx.exe
2011-10-09 22:10:29 440320 ----a-w- c:\windows\system32\loff.exe
2011-10-09 22:10:28 440320 ----a-w- c:\windows\system32\bwdzm.exe
2011-10-09 22:10:26 440320 ----a-w- c:\windows\system32\zvotb.exe
2011-10-09 22:10:26 440320 ----a-w- c:\windows\system32\xwqfl.exe
2011-10-09 22:10:24 440320 ----a-w- c:\windows\system32\ocos.exe
2011-10-09 22:10:04 53248 ----a-w- c:\windows\system32\Iasv32.dll
2011-10-09 22:10:02 53248 ----a-w- c:\windows\system32\FastUv32.dll
2011-10-09 22:09:58 220160 ----a-w- c:\windows\system32\inetsw32.dll
2011-10-09 22:09:55 50000 ----a-w- c:\windows\system32\swudgior.dll
2011-10-09 22:09:54 50000 ----a-w- c:\windows\system32\y2s015mz.dll
2011-10-09 19:15:52 -------- d-----w- c:\users\home\appdata\roaming\VkIIVVrlO
2011-10-09 19:15:51 -------- d-----w- c:\users\home\appdata\roaming\GyyxAAdWjYekVzN
2011-10-09 19:15:49 -------- d-----w- c:\users\home\appdata\roaming\Y5Q6KTjCeBz2FQ6
2011-10-09 19:15:47 -------- d-----w- c:\users\home\appdata\roaming\OfffRL99hX
2011-10-09 18:59:04 -------- d-----w- c:\users\home\appdata\roaming\hmGG55sQJ6dE89X
2011-10-09 18:58:59 -------- d-----w- c:\users\home\appdata\roaming\eXXXwjjUVelBtPN
2011-10-09 18:58:59 -------- d-----w- c:\users\home\appdata\roaming\bsQJ7dEEK8RZ9Yj
2011-10-09 18:58:58 -------- d-----w- c:\users\home\appdata\roaming\b55ssQJ77EK8gZh
2011-10-09 18:54:27 3042304 ----a-w- c:\windows\system32\ONt0ucS2iDp4Q6W.exe
2011-10-09 18:51:30 -------- d-----w- c:\programdata\WSTB
2011-10-09 18:51:14 3042304 ----a-w- c:\windows\system32\FELL88gTZ.exe
2011-10-09 18:32:16 -------- d-----w- c:\users\home\appdata\roaming\tGGG4aaQH6sK7EL
2011-10-09 18:32:15 -------- d-----w- c:\users\home\appdata\roaming\A000uccS2ib3
2011-10-09 18:32:07 69120 ----a-w- c:\users\home\appdata\roaming\microsoft\windows\start menu\programs\startup\crss.exe
2011-10-09 18:32:06 -------- d-----w- c:\users\home\appdata\roaming\d777fEEL8gTqhCw
2011-10-09 18:32:06 -------- d-----w- c:\users\home\appdata\roaming\BPP00yccS1iD3nF
2011-10-07 11:49:42 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{76beb441-b54f-419c-9377-f1f280ac7587}\mpengine.dll
2011-09-15 23:55:55 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-10-11 00:35:43 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-15 14:00:06 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-08-15 14:00:06 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-08-15 14:00:06 64712 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-08-15 14:00:06 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-08-15 14:00:06 57432 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-08-15 14:00:06 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-08-15 14:00:06 338040 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-08-15 14:00:06 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-08-15 14:00:06 164776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-08-15 14:00:06 119808 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-23 00:05:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:54:36.08 ===============
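As an added example (not part of the original post, and not something DDS itself does), here is a small Python script that applies the checks a responder would run over the log above: Hosts: entries that point a public name at a routable address, services whose image lives in a temp folder or has a purely numeric name, svchost groups outside a list of ordinary ones, and same-size files dropped into system32 within a couple of minutes. The sample lines are copied from the log; the svchost group allowlist and the thresholds are my assumptions, so treat hits as items to review, not verdicts.

```python
"""Triage heuristics for DDS log lines (added example, not part of the post)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a handful of lines copied from the DDS log in the post.
SAMPLE_LOG = r"""
Hosts: 74.55.76.230 www.google-analytics.com.
Hosts: 74.55.76.230 ad-emea.doubleclick.net.
Hosts: 178.250.45.15 www.google-analytics.com.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-24 461864]
S2 5016;5016;c:\users\home\appdata\local\temp\5016.sys [2011-10-9 133120]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 inewnetwork;Network Location Awarenes(NLA);c:\windows\system32\svchost.exe -k inetswork [2008-1-20 21504]
2011-10-09 22:10:30 440320 ----a-w- c:\windows\system32\fbjx.exe
2011-10-09 22:10:29 440320 ----a-w- c:\windows\system32\loff.exe
2011-10-09 22:10:28 440320 ----a-w- c:\windows\system32\bwdzm.exe
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
"""

# svchost -k groups treated as ordinary: the ones visible in this log's
# "Running Processes" section plus a few well-known Vista groups. This is an
# assumption, not an authoritative list; anything outside it is only flagged.
KNOWN_SVCHOST_GROUPS = {
    "dcomlaunch", "rpcss", "netsvcs", "secsvcs", "localservice",
    "localservicenonetwork", "localservicenetworkrestricted",
    "localsystemnetworkrestricted", "networkservice",
    "networkservicenetworkrestricted", "localserviceandnoimpersonation",
    "wcssvc", "wersvcgroup", "imgsvc",
}
LOCAL_IPS = {"127.0.0.1", "::1", "0.0.0.0"}

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+?)\.?$")
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]*);([^;]*);(.*?)\s+\[")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+\S+\s+(.+)$")


def suspicious_hosts(lines):
    """Hosts entries that send a public name somewhere other than loopback."""
    hits = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if m and m.group(1) not in LOCAL_IPS:
            hits.append((m.group(2), m.group(1)))
    return hits


def suspicious_services(lines):
    """Service/driver lines worth a second look, each with its reasons."""
    hits = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        name, _desc, image = m.groups()
        path = image.lower()
        reasons = []
        if "\\temp\\" in path:
            reasons.append("image in a temp directory")
        if name.isdigit():
            reasons.append("numeric service name")
        if "svchost.exe -k " in path:
            group = path.split("-k ", 1)[1].split()[0]
            if group not in KNOWN_SVCHOST_GROUPS:
                reasons.append(f"unknown svchost group {group!r}")
        if reasons:
            hits.append((name, reasons))
    return hits


def file_clusters(lines, window_seconds=120, min_files=3):
    """Same-size files created in system32 within a short window (dropper pattern)."""
    by_size = defaultdict(list)
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        stamp, size, path = m.groups()
        if "\\system32\\" in path.lower():
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            by_size[int(size)].append((when, path))
    clusters = []
    for size, items in by_size.items():
        if len(items) < min_files:
            continue
        items.sort()
        if (items[-1][0] - items[0][0]).total_seconds() <= window_seconds:
            clusters.append((size, [p for _, p in items]))
    return clusters


def triage(text=SAMPLE_LOG):
    lines = [ln.strip() for ln in text.strip().splitlines()]
    return {
        "hosts": suspicious_hosts(lines),
        "services": suspicious_services(lines),
        "file_clusters": file_clusters(lines),
    }


if __name__ == "__main__":
    for key, hits in triage().items():
        print(key)
        for hit in hits:
            print("  ", hit)
```

Run it against a saved DDS.txt by passing the file contents to triage(); the same checks apply to the full log, where the hosts and svchost hits line up with the redirect symptoms described at the top of the post.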