TechSpot

Yet another Patched.64 (and other) issues

Solved
By F1forever
Nov 26, 2012
Topic Status:
Not open for further replies.
  1. Hi, my name is Bob. My wife has apparently infected her computer in a big way. I am not a novice but I am no expert either, so bear with me. She has gotten patched 64 and other trojans and viruses. One issue up front is that her computer has trouble booting in normal mode. Don't know if this is a result of the trojan but it seems to coincide, so can I run in safe mode? If not, I may be away for a bit to get this thing to boot. Also, I can only browse reliably via AOL for some reason. I will post MBAM and DDS logs soon, unless I crash again. Thanks in advance for your help.
  2. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    Sorry I meant to say Patched.a
  3. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    MBAM Scan results:
    2012/11/26 01:00:42 -0500 PAM-PC (null) MESSAGE Executing scheduled update: Daily
    2012/11/26 01:00:50 -0500 PAM-PC (null) MESSAGE Scheduled update executed successfully: database updated from version v2012.11.23.06 to version v2012.11.26.01
    2012/11/26 08:34:08 -0500 PAM-PC Pam MESSAGE Starting protection
    2012/11/26 08:34:08 -0500 PAM-PC Pam MESSAGE Protection started successfully
    2012/11/26 08:34:08 -0500 PAM-PC Pam MESSAGE Starting IP protection
    2012/11/26 08:34:08 -0500 PAM-PC Pam ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
    2012/11/26 08:34:08 -0500 PAM-PC Pam MESSAGE Starting database refresh
    2012/11/26 08:34:09 -0500 PAM-PC Pam MESSAGE Database refreshed successfully
    2012/11/26 15:38:22 -0500 PAM-PC Pam MESSAGE Starting protection
    2012/11/26 15:38:22 -0500 PAM-PC Pam MESSAGE Protection started successfully
    2012/11/26 15:38:22 -0500 PAM-PC Pam MESSAGE Starting IP protection
    2012/11/26 15:38:22 -0500 PAM-PC Pam ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
    2012/11/26 15:38:46 -0500 PAM-PC Pam DETECTION C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\U\80000032.@ Rootkit.0Access QUARANTINE
    2012/11/26 15:39:01 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
    2012/11/26 15:48:32 -0500 PAM-PC Pam MESSAGE Starting protection
    2012/11/26 15:48:32 -0500 PAM-PC Pam MESSAGE Protection started successfully
    2012/11/26 15:48:32 -0500 PAM-PC Pam MESSAGE Starting IP protection
    2012/11/26 15:48:32 -0500 PAM-PC Pam ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
    2012/11/26 15:53:55 -0500 PAM-PC Pam MESSAGE Starting protection
    2012/11/26 15:53:55 -0500 PAM-PC Pam MESSAGE Protection started successfully
    2012/11/26 15:53:55 -0500 PAM-PC Pam MESSAGE Starting IP protection
    2012/11/26 15:53:55 -0500 PAM-PC Pam ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
    2012/11/26 15:54:29 -0500 PAM-PC Pam DETECTION C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\U\80000032.@ Rootkit.0Access QUARANTINE
    2012/11/26 15:54:39 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
    2012/11/26 15:55:28 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 15:55:39 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 15:55:51 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 15:56:09 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 15:56:20 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 15:56:30 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 15:56:40 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 15:56:51 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 15:57:01 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 15:57:11 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 15:57:22 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 15:57:32 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 15:57:42 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 15:57:52 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 15:58:02 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:03:17 -0500 PAM-PC Pam DETECTION c:\windows\installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\u\80000032.@ Rootkit.0Access DENY
    2012/11/26 16:03:17 -0500 PAM-PC Pam DETECTION C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\U\000000cb.@ Rootkit.0Access QUARANTINE
    2012/11/26 16:03:17 -0500 PAM-PC Pam DETECTION c:\windows\installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\u\80000032.@ Rootkit.0Access DENY
    2012/11/26 16:03:17 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:03:28 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:03:38 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:03:49 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:03:49 -0500 PAM-PC Pam DETECTION C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\U\80000032.@ Rootkit.0Access DENY
    2012/11/26 16:03:50 -0500 PAM-PC Pam DETECTION C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\U\80000032.@ Rootkit.0Access DENY
    2012/11/26 16:03:59 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:04:09 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:04:20 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:04:30 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:04:41 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:04:51 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:05:01 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:05:11 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:05:21 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:05:31 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:05:41 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:05:52 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:06:02 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:06:12 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:06:22 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:06:28 -0500 PAM-PC Pam DETECTION C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\U\000000cb.@ Rootkit.0Access DENY
    2012/11/26 16:06:32 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:06:42 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:06:52 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:07:02 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:07:13 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:07:23 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:07:33 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:07:47 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:07:57 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:08:07 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:08:17 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:08:28 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:08:38 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:08:48 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:08:58 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:09:08 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:09:18 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:09:28 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:09:39 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:09:49 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:09:59 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:10:09 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:10:19 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:10:29 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:10:40 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:10:50 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:11:01 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:11:12 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:11:22 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:11:32 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:11:42 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:11:53 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:12:03 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:12:13 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:12:23 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:12:33 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:12:43 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:12:53 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:13:03 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:13:14 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:13:24 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:13:34 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:13:44 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:13:54 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:14:04 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:14:14 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:14:24 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:14:34 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:14:45 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:14:55 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:15:05 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:15:15 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:15:25 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:15:35 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:15:45 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:15:55 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:16:05 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:16:15 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:16:26 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:16:36 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:16:46 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:16:56 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:17:06 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:17:16 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:17:26 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:17:36 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:17:47 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:17:57 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:18:07 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:18:17 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:18:27 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:18:37 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:18:47 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:18:57 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:19:07 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:19:17 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:19:28 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:19:38 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:19:48 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:19:58 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:20:08 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:20:18 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:20:20 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:20:21 -0500 PAM-PC Pam DETECTION c:\windows\installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\u\80000032.@ Rootkit.0Access DENY
    2012/11/26 16:20:23 -0500 PAM-PC Pam DETECTION c:\windows\installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\u\80000032.@ Rootkit.0Access DENY
    2012/11/26 16:20:28 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:20:39 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:20:49 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:20:59 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:21:09 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:21:19 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:21:29 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:21:39 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:21:50 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:22:00 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:22:10 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:22:20 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:22:30 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:22:40 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:22:50 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:23:00 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:23:10 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:23:21 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:23:31 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:23:41 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:23:51 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:24:01 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:24:11 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:24:21 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:24:31 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:24:41 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:24:52 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:25:02 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:25:12 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:25:22 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:25:32 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:25:42 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:25:52 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:26:02 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:26:12 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:26:22 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:26:32 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:26:43 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:26:53 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:27:03 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:27:13 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:27:23 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:27:33 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:27:43 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:27:53 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:28:03 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:28:14 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:28:24 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:28:34 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:28:44 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:28:54 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:29:04 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:29:14 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:29:24 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:29:34 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:29:44 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:29:54 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:30:05 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:30:15 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:30:25 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:30:35 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:30:45 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:30:55 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:31:05 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:31:15 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:31:25 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:31:36 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:31:46 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:31:56 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:32:06 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:32:16 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:32:26 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:32:36 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:32:46 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:32:56 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:33:07 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:33:17 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:33:27 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:33:37 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:33:47 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:33:57 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:34:07 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:34:17 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:34:28 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:34:38 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:34:48 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:34:58 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:35:08 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:35:18 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:35:28 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:35:38 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:35:48 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:35:58 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:36:08 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:36:18 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:36:29 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:36:39 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:36:49 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:36:59 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:37:09 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:37:20 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:37:30 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:37:40 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:37:50 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:38:00 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:38:10 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:38:20 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:38:30 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:38:40 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:38:50 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:39:00 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:39:10 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:39:21 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:39:31 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:39:41 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:39:51 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:40:01 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:40:11 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:40:21 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:40:31 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:40:41 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:40:52 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:41:02 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:41:12 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:41:22 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:41:32 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:41:42 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:41:52 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:42:02 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:42:12 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:42:22 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:42:32 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:42:42 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:42:52 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:43:03 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:43:13 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:43:23 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:43:33 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:43:43 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:43:53 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:44:04 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:44:14 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:44:24 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:44:34 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:44:44 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:44:54 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:45:04 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:45:14 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:45:24 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:45:34 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:45:45 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:45:55 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:46:05 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:46:15 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:46:25 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:46:35 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:46:45 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:46:55 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:47:05 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:47:15 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:47:25 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:47:35 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:47:45 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:47:56 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:48:06 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:48:16 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:48:26 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:48:36 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:48:46 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:48:56 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:49:06 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:49:16 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:49:26 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:49:36 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:49:46 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:49:56 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:50:07 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:50:17 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:50:27 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:50:37 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:50:47 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:50:57 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:51:07 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:51:17 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:51:28 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:51:38 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:51:48 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:51:58 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:52:08 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:52:18 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:52:28 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:52:38 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:52:48 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:52:59 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:53:09 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:53:19 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:53:29 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:53:39 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:53:49 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:53:59 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:54:09 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:54:20 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:54:30 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:54:40 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:54:50 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:55:00 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:55:10 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:55:20 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:55:30 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:55:40 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:55:51 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:56:01 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:56:11 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:56:21 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:56:31 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:56:41 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:56:51 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:57:01 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:57:11 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:57:22 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:57:32 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:57:42 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:57:52 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:58:02 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:58:12 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:58:22 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:58:32 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:58:43 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:58:53 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:59:03 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:59:13 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:59:23 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:59:33 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:59:43 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 16:59:53 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:00:03 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:00:13 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:00:23 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:00:33 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:00:43 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:00:54 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:01:04 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:01:14 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:01:24 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:01:34 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:01:44 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:01:54 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:02:04 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:02:14 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:02:25 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:02:35 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:02:45 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:02:56 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:03:06 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:03:16 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:03:27 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:03:37 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:03:47 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:03:58 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:04:08 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:04:19 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:04:30 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:04:41 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:04:51 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:05:01 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:05:11 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:05:22 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:05:32 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:05:43 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:05:53 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:06:03 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:06:13 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:06:25 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:06:35 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:06:45 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:06:56 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:07:14 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:07:24 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:07:34 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:07:45 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:07:55 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:08:05 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:08:15 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:08:26 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:08:36 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:08:47 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:08:57 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:09:07 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:09:17 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:09:27 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:09:38 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:09:48 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:09:58 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:10:08 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:10:18 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:10:28 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:10:39 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:10:49 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:10:59 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:11:09 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:11:19 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:11:29 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:11:39 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:11:49 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:11:59 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:12:09 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:12:20 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:12:30 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:12:40 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:12:50 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:13:00 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:13:10 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:13:20 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:13:30 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:13:41 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:13:51 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:14:01 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:14:11 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:14:21 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:14:31 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:14:41 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:14:52 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/11/26 17:15:02 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
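An added triage example, not part of the original post: the protection log above repeats one DENY detection about every ten seconds, so this Python code collapses identical detections into one row each and flags a Windows system process name reported outside System32/SysWOW64 (svchost.exe normally lives there, not directly in C:\Windows). The function names, the process-name list, and the assumption that the host, user and threat fields contain no spaces are this example's own.

```python
import ntpath
import re
from datetime import datetime

# Sample input embedded for this example: lines in the format of the log above.
SAMPLE_LOG = r"""
2012/11/26 15:38:22 -0500 PAM-PC Pam MESSAGE Starting IP protection
2012/11/26 15:38:22 -0500 PAM-PC Pam ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/11/26 15:38:46 -0500 PAM-PC Pam DETECTION C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\U\80000032.@ Rootkit.0Access QUARANTINE
2012/11/26 16:47:56 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/11/26 16:48:06 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/11/26 16:48:16 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/11/26 16:48:26 -0500 PAM-PC Pam DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
"""

# Fields: timestamp with UTC offset, host, user, level, free-text remainder.
# Assumption: host and user contain no spaces ("PAM-PC", "Pam", "(null)").
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<level>[A-Z]+) (?P<rest>.+)$"
)

# Heuristic list (this example's choice): core process names that belong in
# System32 (or SysWOW64 on 64-bit Windows). Side-by-side copies under WinSxS
# would be flagged too, so a hit is a lead to verify, not a verdict.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe",
                "csrss.exe", "winlogon.exe", "smss.exe"}
EXPECTED_DIR_SUFFIXES = ("\\system32", "\\syswow64")


def parse_line(line):
    """Return a dict for one log line, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y/%m/%d %H:%M:%S %z")
    if event["level"] == "DETECTION":
        # The path may contain spaces, so split the last two fields off the right.
        parts = event["rest"].rsplit(None, 2)
        if len(parts) != 3:
            return None
        event["path"], event["threat"], event["action"] = parts
    return event


def is_misplaced_system_name(path):
    """True when a well-known system process name sits outside its usual folder."""
    p = path.lower()
    return (ntpath.basename(p) in SYSTEM_NAMES
            and not ntpath.dirname(p).endswith(EXPECTED_DIR_SUFFIXES))


def summarize_detections(lines):
    """Collapse identical (path, threat, action) detections into one row each."""
    groups = {}
    for line in lines:
        ev = parse_line(line)
        if not ev or ev["level"] != "DETECTION":
            continue
        key = (ev["path"], ev["threat"], ev["action"])
        row = groups.setdefault(key, {
            "path": ev["path"], "threat": ev["threat"], "action": ev["action"],
            "count": 0, "first": ev["ts"], "last": ev["ts"],
            "misplaced_system_name": is_misplaced_system_name(ev["path"]),
        })
        row["count"] += 1
        row["first"] = min(row["first"], ev["ts"])
        row["last"] = max(row["last"], ev["ts"])
    return list(groups.values())  # insertion order = order of first appearance


if __name__ == "__main__":
    for row in summarize_detections(SAMPLE_LOG.splitlines()):
        span = row["last"] - row["first"]
        print(f'{row["count"]:>4}x {row["action"]:<10} {row["threat"]:<16} '
              f'{row["path"]}  span={span}  '
              f'misplaced_system_name={row["misplaced_system_name"]}')
```

A DENY row with a high count and a long span means the detection kept firing on the same file instead of ending with a quarantine, which is worth raising with the helper together with the file's location.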
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


    Farbar Recovery Scan Tool x64

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Please make sure to get the 64-bit version

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then, press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
  5. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    Quick note before I do Farbar. Downloaded DDS as per initial instructions and it has been running for about an hour with no results. Can't seem to stop or restart it.
  6. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    I know Farbar is OK on my flash, but when I try to run it on the infected computer from the command prompt by typing "g:\frst.exe" I get the response "not recognized as an internal or external command, operable program, or batch file".
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Yours might be named frst64.exe, try that. :)
  8. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    Thanks that did the trick. Here's the log. It may be a while before I get back as computer went into Chkdsk on reboot and seems to have been at the same point for an hour or two but HD is working so I hope it finishes.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012
    Ran by SYSTEM at 27-11-2012 19:19:08
    Running from F:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()
    HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1674896 2011-09-16] (McAfee, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
    HKLM-x32\...\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1318811360\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
    HKLM-x32\...\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [856160 2012-09-20] ()
    HKU\Pam\...\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE" -b [42320 2011-04-25] (AOL Inc.)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    ==================== Services (Whitelisted) ===================

    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
    2 DefaultTabUpdate; "C:\Users\Pam\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe" [107520 2012-11-26] ()
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
    3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
    2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [501768 2011-06-23] (McAfee, Inc.)
    4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-10-18] (McAfee, Inc.)
    2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-10-18] (McAfee, Inc.)
    2 mfevtp; "C:\Windows\system32\mfevtps.exe" [161168 2011-10-18] (McAfee, Inc.)
    2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()
    2 ZDManager Service; "C:\Program Files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe" /run [176640 2012-10-18] ()

    ==================== Drivers (Whitelisted) =====================

    3 ATWPKT2; C:\Windows\SysWow64\Drivers\ATWPKT2.sys [24904 2010-07-13] (America Online)
    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
    3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
    3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
    1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
    0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-11-27 08:08 - 2009-07-13 19:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-11-27 08:07 - 2012-11-27 08:07 - 00262144 ____A C:\Windows\Minidump\112712-31746-01.dmp
    2012-11-27 08:03 - 2012-11-27 08:03 - 00262144 ____A C:\Windows\Minidump\112712-59171-01.dmp
    2012-11-27 03:01 - 2012-11-27 08:03 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-27 03:01 - 2012-11-27 03:01 - 00000618 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-11-26 18:34 - 2012-11-26 18:34 - 00262144 ____A C:\Windows\Minidump\112612-29000-01.dmp
    2012-11-26 18:31 - 2012-11-26 18:31 - 00262144 ____A C:\Windows\Minidump\112612-29452-01.dmp
    2012-11-26 17:32 - 2012-11-26 17:32 - 00262144 ____A C:\Windows\Minidump\112612-32167-01.dmp
    2012-11-26 17:07 - 2012-11-26 17:07 - 00262144 ____A C:\Windows\Minidump\112612-25942-01.dmp
    2012-11-26 16:51 - 2012-11-26 16:51 - 00688992 ____R (Swearware) C:\Users\Pam\Desktop\dds.com
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Users\Pam\Application Data\DefaultTab
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Users\Pam\AppData\Roaming\DefaultTab
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Users\All Users\ZDManagerService
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Users\All Users\WeCareReminder
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Users\All Users\Application Data\ZDManagerService
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Users\All Users\Application Data\WeCareReminder
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Program Files (x86)\ZD Systems
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Program Files (x86)\7-Zip
    2012-11-26 16:32 - 2012-11-26 16:33 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
    2012-11-26 16:32 - 2012-11-26 16:33 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo! Companion
    2012-11-26 16:32 - 2012-11-26 16:32 - 00000000 ____D C:\Users\Pam\Application Data\Yahoo!
    2012-11-26 16:32 - 2012-11-26 16:32 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Yahoo!
    2012-11-26 16:32 - 2012-11-26 16:32 - 00000000 ____D C:\Users\All Users\Yahoo!
    2012-11-26 16:32 - 2012-11-26 16:32 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo!
    2012-11-26 16:32 - 2012-11-26 16:32 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2012-11-26 16:30 - 2012-11-26 16:30 - 01639104 ____A (W3i, LLC) C:\Users\Pam\Desktop\7zip_bimo_d154539.exe
    2012-11-26 14:41 - 2012-11-26 14:41 - 00262144 ____A C:\Windows\Minidump\112612-30560-01.dmp
    2012-11-23 16:30 - 2012-11-23 16:30 - 00262144 ____A C:\Windows\Minidump\112312-26254-01.dmp
    2012-11-23 16:13 - 2012-11-23 16:13 - 00262144 ____A C:\Windows\Minidump\112312-22510-01.dmp
    2012-11-23 14:19 - 2012-11-23 14:19 - 00262144 ____A C:\Windows\Minidump\112312-35537-01.dmp
    2012-11-23 13:05 - 2012-11-23 13:05 - 00262144 ____A C:\Windows\Minidump\112312-36223-01.dmp
    2012-11-23 12:40 - 2012-11-23 12:40 - 00262144 ____A C:\Windows\Minidump\112312-27112-01.dmp
    2012-11-23 11:53 - 2012-11-23 11:53 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-23 11:53 - 2012-11-23 11:53 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-23 11:53 - 2012-11-23 11:53 - 00000000 ____D C:\Users\Pam\Application Data\Malwarebytes
    2012-11-23 11:53 - 2012-11-23 11:53 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Malwarebytes
    2012-11-23 11:52 - 2012-11-23 11:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-23 11:52 - 2012-11-23 11:52 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-23 11:52 - 2012-11-23 11:52 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-11-23 11:52 - 2012-09-29 18:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-11-18 19:40 - 2012-11-21 19:26 - 00015856 ____A C:\Users\Pam\My Documents\BranfordCalls(Knapp)2012HolidayPartyFINAL-COMPLETED2.xlsx
    2012-11-18 19:40 - 2012-11-21 19:26 - 00015856 ____A C:\Users\Pam\Documents\BranfordCalls(Knapp)2012HolidayPartyFINAL-COMPLETED2.xlsx
    2012-11-18 19:29 - 2012-11-18 19:29 - 00015765 ____A C:\Users\Pam\My Documents\ranfordCalls(Knapp)2012HolidayPartyFINAL-COMPLETEDedit2.xlsx
    2012-11-18 19:29 - 2012-11-18 19:29 - 00015765 ____A C:\Users\Pam\Documents\ranfordCalls(Knapp)2012HolidayPartyFINAL-COMPLETEDedit2.xlsx
    2012-11-17 16:17 - 2012-11-17 16:18 - 00262144 ____A C:\Windows\Minidump\111712-39530-01.dmp
    2012-11-17 16:10 - 2012-11-17 16:10 - 00262144 ____A C:\Windows\Minidump\111712-23883-01.dmp
    2012-11-17 15:43 - 2012-11-17 15:43 - 00262144 ____A C:\Windows\Minidump\111712-23431-01.dmp
    2012-11-17 15:33 - 2012-11-17 18:29 - 00000000 ____D C:\Users\Pam\My Documents\BranfordCalls(Knapp)2012H2
    2012-11-17 15:33 - 2012-11-17 18:29 - 00000000 ____D C:\Users\Pam\Documents\BranfordCalls(Knapp)2012H2
    2012-11-17 15:33 - 2012-11-17 15:33 - 00155119 ____A C:\Users\Pam\My Documents\BranfordCalls(Knapp)2012H2.zip
    2012-11-17 15:33 - 2012-11-17 15:33 - 00155119 ____A C:\Users\Pam\Documents\BranfordCalls(Knapp)2012H2.zip
    2012-11-17 15:21 - 2012-11-17 17:05 - 00000000 ____D C:\Users\Pam\My Documents\BranfordCalls(Knapp)2012Holiday
    2012-11-17 15:21 - 2012-11-17 17:05 - 00000000 ____D C:\Users\Pam\Documents\BranfordCalls(Knapp)2012Holiday
    2012-11-17 15:21 - 2012-11-17 15:21 - 00155119 ____A C:\Users\Pam\My Documents\BranfordCalls(Knapp)2012Holiday.zip
    2012-11-17 15:21 - 2012-11-17 15:21 - 00155119 ____A C:\Users\Pam\Documents\BranfordCalls(Knapp)2012Holiday.zip
    2012-11-16 23:44 - 2012-11-17 15:39 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad
    2012-11-16 23:44 - 2012-11-17 15:39 - 95023320 ___AT C:\Users\All Users\Application Data\dsgsdgdsgdsgw.pad
    2012-11-16 23:44 - 2012-11-16 23:44 - 00000688 ____A C:\ctfmon.lnk
    2012-11-15 08:38 - 2012-11-15 08:38 - 00262144 ____A C:\Windows\Minidump\111512-23150-01.dmp
    2012-11-15 08:35 - 2012-11-15 08:35 - 00262144 ____A C:\Windows\Minidump\111512-48360-01.dmp
    2012-11-14 14:06 - 2012-11-18 11:55 - 00000000 ____D C:\Users\Pam\My Documents\BranfordCalls(Knapp)2012HolidayParty
    2012-11-14 14:06 - 2012-11-18 11:55 - 00000000 ____D C:\Users\Pam\Documents\BranfordCalls(Knapp)2012HolidayParty
    2012-11-14 14:06 - 2012-11-17 15:10 - 00155119 ____A C:\Users\Pam\My Documents\BranfordCalls(Knapp)2012HolidayParty.zip
    2012-11-14 14:06 - 2012-11-17 15:10 - 00155119 ____A C:\Users\Pam\Documents\BranfordCalls(Knapp)2012HolidayParty.zip
    2012-11-13 08:32 - 2012-11-13 08:32 - 00262144 ____A C:\Windows\Minidump\111312-26130-01.dmp
    2012-11-13 08:28 - 2012-11-13 08:28 - 00262144 ____A C:\Windows\Minidump\111312-33275-01.dmp
    2012-11-13 06:51 - 2012-11-13 06:52 - 00000496 ____A C:\Users\Pam\Desktop\avgrep.txt
    2012-11-13 06:49 - 2012-11-13 06:49 - 00262144 ____A C:\Windows\Minidump\111312-32604-01.dmp
    2012-11-13 06:27 - 2012-11-13 06:27 - 00262144 ____A C:\Windows\Minidump\111312-33961-01.dmp
    2012-11-13 06:18 - 2012-11-13 06:18 - 00262144 ____A C:\Windows\Minidump\111312-31761-01.dmp
    2012-11-13 06:10 - 2012-11-13 06:10 - 00262144 ____A C:\Windows\Minidump\111312-39468-01.dmp
    2012-11-11 09:02 - 2012-11-11 09:02 - 04477834 ____A C:\Users\Pam\My Documents\IMG_3174.zip
    2012-11-11 09:02 - 2012-11-11 09:02 - 04477834 ____A C:\Users\Pam\Documents\IMG_3174.zip
    2012-11-11 09:02 - 2012-11-11 09:02 - 00000000 ____D C:\Users\Pam\My Documents\IMG_3174
    2012-11-11 09:02 - 2012-11-11 09:02 - 00000000 ____D C:\Users\Pam\Documents\IMG_3174
    2012-11-09 23:39 - 2012-11-09 23:40 - 00000000 ____D C:\Users\Pam\My Documents\Foster_Survival_Guide
    2012-11-09 23:39 - 2012-11-09 23:40 - 00000000 ____D C:\Users\Pam\Documents\Foster_Survival_Guide
    2012-11-09 23:39 - 2012-11-09 23:39 - 00038267 ____A C:\Users\Pam\My Documents\Foster_Survival_Guide.zip
    2012-11-09 23:39 - 2012-11-09 23:39 - 00038267 ____A C:\Users\Pam\Documents\Foster_Survival_Guide.zip
    2012-11-08 11:17 - 2012-11-08 11:17 - 00262144 ____A C:\Windows\Minidump\110812-32323-01.dmp
    2012-11-05 15:19 - 2012-11-05 15:19 - 00000932 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
    2012-11-05 15:19 - 2012-11-05 15:19 - 00000932 ____A C:\Users\All Users\Desktop\EPSON Scan.lnk
    2012-11-05 15:19 - 2012-11-05 15:19 - 00000000 ____D C:\Program Files (x86)\epson
    2012-11-05 15:19 - 2012-11-05 15:19 - 00000000 ____D C:\EPSON
    2012-11-05 15:19 - 2006-10-12 23:00 - 00066560 ____A (SEIKO EPSON CORP.) C:\Windows\System32\esxcwiab.dll
    2012-11-04 10:49 - 2012-11-04 10:49 - 01404004 ____A C:\Users\Pam\My Documents\Lulu1.zip
    2012-11-04 10:49 - 2012-11-04 10:49 - 01404004 ____A C:\Users\Pam\Documents\Lulu1.zip
    2012-11-04 10:49 - 2012-11-04 10:49 - 00000000 ____D C:\Users\Pam\My Documents\Lulu1
    2012-11-04 10:49 - 2012-11-04 10:49 - 00000000 ____D C:\Users\Pam\Documents\Lulu1
    2012-11-03 13:52 - 2012-11-03 13:52 - 00352419 ____A C:\Users\Pam\My Documents\joy2.zip
    2012-11-03 13:52 - 2012-11-03 13:52 - 00352419 ____A C:\Users\Pam\Documents\joy2.zip
    2012-11-03 13:52 - 2012-11-03 13:52 - 00000000 ____D C:\Users\Pam\My Documents\joy2
    2012-11-03 13:52 - 2012-11-03 13:52 - 00000000 ____D C:\Users\Pam\Documents\joy2
    2012-11-03 01:54 - 2012-11-03 01:54 - 00000009 ____A C:\END
    2012-11-03 01:54 - 2012-11-03 01:54 - 00000000 ____D C:\Users\Pam\Local Settings\Conduit
    2012-11-03 01:54 - 2012-11-03 01:54 - 00000000 ____D C:\Users\Pam\Local Settings\Application Data\Conduit
    2012-11-03 01:54 - 2012-11-03 01:54 - 00000000 ____D C:\Users\Pam\AppData\Local\Conduit
    2012-11-03 01:54 - 2012-11-03 01:54 - 00000000 ____D C:\Program Files (x86)\SocialSearchBar_App
    2012-11-03 01:54 - 2012-11-03 01:54 - 00000000 ____D C:\Program Files (x86)\Conduit
    2012-11-03 01:53 - 2012-11-03 01:53 - 00000000 ____D C:\Program Files (x86)\UnfriendApp


    ==================== One Month Modified Files and Folders =======

    2012-11-27 19:18 - 2012-11-27 19:18 - 00000000 ____D C:\FRST
    2012-11-27 08:13 - 2009-07-13 23:13 - 00782748 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-27 08:07 - 2012-11-27 08:07 - 00262144 ____A C:\Windows\Minidump\112712-31746-01.dmp
    2012-11-27 08:07 - 2012-09-02 13:02 - 459995047 ____A C:\Windows\MEMORY.DMP
    2012-11-27 08:07 - 2012-09-02 13:02 - 00000000 ____D C:\Windows\Minidump
    2012-11-27 08:05 - 2011-05-28 00:42 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2012-11-27 08:03 - 2012-11-27 08:03 - 00262144 ____A C:\Windows\Minidump\112712-59171-01.dmp
    2012-11-27 08:03 - 2012-11-27 03:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-27 08:03 - 2009-07-13 22:51 - 00039111 ____A C:\Windows\setupact.log
    2012-11-27 03:10 - 2009-07-13 22:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-27 03:10 - 2009-07-13 22:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-27 03:01 - 2012-11-27 03:01 - 00000618 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-11-26 18:48 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
    2012-11-26 18:34 - 2012-11-26 18:34 - 00262144 ____A C:\Windows\Minidump\112612-29000-01.dmp
    2012-11-26 18:31 - 2012-11-26 18:31 - 00262144 ____A C:\Windows\Minidump\112612-29452-01.dmp
    2012-11-26 17:32 - 2012-11-26 17:32 - 00262144 ____A C:\Windows\Minidump\112612-32167-01.dmp
    2012-11-26 17:12 - 2012-09-20 07:15 - 00000000 ____D C:\Users\All Users\MFAData
    2012-11-26 17:12 - 2012-09-20 07:15 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
    2012-11-26 17:07 - 2012-11-26 17:07 - 00262144 ____A C:\Windows\Minidump\112612-25942-01.dmp
    2012-11-26 16:51 - 2012-11-26 16:51 - 00688992 ____R (Swearware) C:\Users\Pam\Desktop\dds.com
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Users\Pam\Application Data\DefaultTab
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Users\Pam\AppData\Roaming\DefaultTab
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Users\All Users\ZDManagerService
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Users\All Users\WeCareReminder
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Users\All Users\Application Data\ZDManagerService
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Users\All Users\Application Data\WeCareReminder
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Program Files (x86)\ZD Systems
    2012-11-26 16:33 - 2012-11-26 16:33 - 00000000 ____D C:\Program Files (x86)\7-Zip
    2012-11-26 16:33 - 2012-11-26 16:32 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
    2012-11-26 16:33 - 2012-11-26 16:32 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo! Companion
    2012-11-26 16:32 - 2012-11-26 16:32 - 00000000 ____D C:\Users\Pam\Application Data\Yahoo!
    2012-11-26 16:32 - 2012-11-26 16:32 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Yahoo!
    2012-11-26 16:32 - 2012-11-26 16:32 - 00000000 ____D C:\Users\All Users\Yahoo!
    2012-11-26 16:32 - 2012-11-26 16:32 - 00000000 ____D C:\Users\All Users\Application Data\Yahoo!
    2012-11-26 16:32 - 2012-11-26 16:32 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2012-11-26 16:30 - 2012-11-26 16:30 - 01639104 ____A (W3i, LLC) C:\Users\Pam\Desktop\7zip_bimo_d154539.exe
    2012-11-26 14:41 - 2012-11-26 14:41 - 00262144 ____A C:\Windows\Minidump\112612-30560-01.dmp
    2012-11-23 16:30 - 2012-11-23 16:30 - 00262144 ____A C:\Windows\Minidump\112312-26254-01.dmp
    2012-11-23 16:13 - 2012-11-23 16:13 - 00262144 ____A C:\Windows\Minidump\112312-22510-01.dmp
    2012-11-23 14:19 - 2012-11-23 14:19 - 00262144 ____A C:\Windows\Minidump\112312-35537-01.dmp
    2012-11-23 13:05 - 2012-11-23 13:05 - 00262144 ____A C:\Windows\Minidump\112312-36223-01.dmp
    2012-11-23 12:40 - 2012-11-23 12:40 - 00262144 ____A C:\Windows\Minidump\112312-27112-01.dmp
    2012-11-23 12:30 - 2010-11-20 21:47 - 00046888 ____A C:\Windows\PFRO.log
    2012-11-23 11:53 - 2012-11-23 11:53 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-23 11:53 - 2012-11-23 11:53 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-23 11:53 - 2012-11-23 11:53 - 00000000 ____D C:\Users\Pam\Application Data\Malwarebytes
    2012-11-23 11:53 - 2012-11-23 11:53 - 00000000 ____D C:\Users\Pam\AppData\Roaming\Malwarebytes
    2012-11-23 11:53 - 2012-11-23 11:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-23 11:52 - 2012-11-23 11:52 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-23 11:52 - 2012-11-23 11:52 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
    2012-11-21 19:26 - 2012-11-18 19:40 - 00015856 ____A C:\Users\Pam\My Documents\BranfordCalls(Knapp)2012HolidayPartyFINAL-COMPLETED2.xlsx
    2012-11-21 19:26 - 2012-11-18 19:40 - 00015856 ____A C:\Users\Pam\Documents\BranfordCalls(Knapp)2012HolidayPartyFINAL-COMPLETED2.xlsx
    2012-11-18 19:29 - 2012-11-18 19:29 - 00015765 ____A C:\Users\Pam\My Documents\ranfordCalls(Knapp)2012HolidayPartyFINAL-COMPLETEDedit2.xlsx
    2012-11-18 19:29 - 2012-11-18 19:29 - 00015765 ____A C:\Users\Pam\Documents\ranfordCalls(Knapp)2012HolidayPartyFINAL-COMPLETEDedit2.xlsx
    2012-11-18 11:55 - 2012-11-14 14:06 - 00000000 ____D C:\Users\Pam\My Documents\BranfordCalls(Knapp)2012HolidayParty
    2012-11-18 11:55 - 2012-11-14 14:06 - 00000000 ____D C:\Users\Pam\Documents\BranfordCalls(Knapp)2012HolidayParty
    2012-11-17 18:29 - 2012-11-17 15:33 - 00000000 ____D C:\Users\Pam\My Documents\BranfordCalls(Knapp)2012H2
    2012-11-17 18:29 - 2012-11-17 15:33 - 00000000 ____D C:\Users\Pam\Documents\BranfordCalls(Knapp)2012H2
    2012-11-17 18:20 - 2011-10-17 18:17 - 00000000 ____D C:\Users\Pam\Local Settings\Microsoft Help
    2012-11-17 18:20 - 2011-10-17 18:17 - 00000000 ____D C:\Users\Pam\Local Settings\Application Data\Microsoft Help
    2012-11-17 18:20 - 2011-10-17 18:17 - 00000000 ____D C:\Users\Pam\AppData\Local\Microsoft Help
    2012-11-17 17:05 - 2012-11-17 15:21 - 00000000 ____D C:\Users\Pam\My Documents\BranfordCalls(Knapp)2012Holiday
    2012-11-17 17:05 - 2012-11-17 15:21 - 00000000 ____D C:\Users\Pam\Documents\BranfordCalls(Knapp)2012Holiday
    2012-11-17 16:18 - 2012-11-17 16:17 - 00262144 ____A C:\Windows\Minidump\111712-39530-01.dmp
    2012-11-17 16:10 - 2012-11-17 16:10 - 00262144 ____A C:\Windows\Minidump\111712-23883-01.dmp
    2012-11-17 15:43 - 2012-11-17 15:43 - 00262144 ____A C:\Windows\Minidump\111712-23431-01.dmp
    2012-11-17 15:39 - 2012-11-16 23:44 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad
    2012-11-17 15:39 - 2012-11-16 23:44 - 95023320 ___AT C:\Users\All Users\Application Data\dsgsdgdsgdsgw.pad
    2012-11-17 15:33 - 2012-11-17 15:33 - 00155119 ____A C:\Users\Pam\My Documents\BranfordCalls(Knapp)2012H2.zip
    2012-11-17 15:33 - 2012-11-17 15:33 - 00155119 ____A C:\Users\Pam\Documents\BranfordCalls(Knapp)2012H2.zip
    2012-11-17 15:21 - 2012-11-17 15:21 - 00155119 ____A C:\Users\Pam\My Documents\BranfordCalls(Knapp)2012Holiday.zip
    2012-11-17 15:21 - 2012-11-17 15:21 - 00155119 ____A C:\Users\Pam\Documents\BranfordCalls(Knapp)2012Holiday.zip
    2012-11-17 15:10 - 2012-11-14 14:06 - 00155119 ____A C:\Users\Pam\My Documents\BranfordCalls(Knapp)2012HolidayParty.zip
    2012-11-17 15:10 - 2012-11-14 14:06 - 00155119 ____A C:\Users\Pam\Documents\BranfordCalls(Knapp)2012HolidayParty.zip
    2012-11-16 23:44 - 2012-11-16 23:44 - 00000688 ____A C:\ctfmon.lnk
    2012-11-15 08:38 - 2012-11-15 08:38 - 00262144 ____A C:\Windows\Minidump\111512-23150-01.dmp
    2012-11-15 08:35 - 2012-11-15 08:35 - 00262144 ____A C:\Windows\Minidump\111512-48360-01.dmp
    2012-11-15 08:28 - 2011-05-28 01:23 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
    2012-11-15 08:28 - 2011-05-28 01:23 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
    2012-11-15 08:28 - 2011-05-28 01:23 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2012-11-15 08:28 - 2011-05-28 01:23 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
    2012-11-15 08:28 - 2011-05-28 01:23 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
    2012-11-15 08:28 - 2011-05-28 01:23 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2012-11-13 08:32 - 2012-11-13 08:32 - 00262144 ____A C:\Windows\Minidump\111312-26130-01.dmp
    2012-11-13 08:28 - 2012-11-13 08:28 - 00262144 ____A C:\Windows\Minidump\111312-33275-01.dmp
    2012-11-13 06:52 - 2012-11-13 06:51 - 00000496 ____A C:\Users\Pam\Desktop\avgrep.txt
    2012-11-13 06:51 - 2012-09-20 07:15 - 00000000 ____D C:\Users\Pam\Local Settings\Avg2013
    2012-11-13 06:51 - 2012-09-20 07:15 - 00000000 ____D C:\Users\Pam\Local Settings\Application Data\Avg2013
    2012-11-13 06:51 - 2012-09-20 07:15 - 00000000 ____D C:\Users\Pam\AppData\Local\Avg2013
    2012-11-13 06:49 - 2012-11-13 06:49 - 00262144 ____A C:\Windows\Minidump\111312-32604-01.dmp
    2012-11-13 06:27 - 2012-11-13 06:27 - 00262144 ____A C:\Windows\Minidump\111312-33961-01.dmp
    2012-11-13 06:18 - 2012-11-13 06:18 - 00262144 ____A C:\Windows\Minidump\111312-31761-01.dmp
    2012-11-13 06:10 - 2012-11-13 06:10 - 00262144 ____A C:\Windows\Minidump\111312-39468-01.dmp
    2012-11-11 09:02 - 2012-11-11 09:02 - 04477834 ____A C:\Users\Pam\My Documents\IMG_3174.zip
    2012-11-11 09:02 - 2012-11-11 09:02 - 04477834 ____A C:\Users\Pam\Documents\IMG_3174.zip
    2012-11-11 09:02 - 2012-11-11 09:02 - 00000000 ____D C:\Users\Pam\My Documents\IMG_3174
    2012-11-11 09:02 - 2012-11-11 09:02 - 00000000 ____D C:\Users\Pam\Documents\IMG_3174
    2012-11-09 23:40 - 2012-11-09 23:39 - 00000000 ____D C:\Users\Pam\My Documents\Foster_Survival_Guide
    2012-11-09 23:40 - 2012-11-09 23:39 - 00000000 ____D C:\Users\Pam\Documents\Foster_Survival_Guide
    2012-11-09 23:39 - 2012-11-09 23:39 - 00038267 ____A C:\Users\Pam\My Documents\Foster_Survival_Guide.zip
    2012-11-09 23:39 - 2012-11-09 23:39 - 00038267 ____A C:\Users\Pam\Documents\Foster_Survival_Guide.zip
    2012-11-08 11:29 - 2012-09-20 07:25 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2012-11-08 11:29 - 2012-09-20 07:25 - 00000967 ____A C:\Users\All Users\Desktop\AVG 2013.lnk
    2012-11-08 11:17 - 2012-11-08 11:17 - 00262144 ____A C:\Windows\Minidump\110812-32323-01.dmp
    2012-11-08 10:31 - 2012-09-20 07:25 - 00000000 ____D C:\Users\All Users\AVG Secure Search
    2012-11-08 10:31 - 2012-09-20 07:25 - 00000000 ____D C:\Users\All Users\Application Data\AVG Secure Search
    2012-11-08 10:31 - 2012-09-20 07:24 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-11-08 10:31 - 2012-09-20 07:24 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-11-05 15:19 - 2012-11-05 15:19 - 00000932 ____A C:\Users\Public\Desktop\EPSON Scan.lnk
    2012-11-05 15:19 - 2012-11-05 15:19 - 00000932 ____A C:\Users\All Users\Desktop\EPSON Scan.lnk
    2012-11-05 15:19 - 2012-11-05 15:19 - 00000000 ____D C:\Program Files (x86)\epson
    2012-11-05 15:19 - 2012-11-05 15:19 - 00000000 ____D C:\EPSON
    2012-11-04 10:49 - 2012-11-04 10:49 - 01404004 ____A C:\Users\Pam\My Documents\Lulu1.zip
    2012-11-04 10:49 - 2012-11-04 10:49 - 01404004 ____A C:\Users\Pam\Documents\Lulu1.zip
    2012-11-04 10:49 - 2012-11-04 10:49 - 00000000 ____D C:\Users\Pam\My Documents\Lulu1
    2012-11-04 10:49 - 2012-11-04 10:49 - 00000000 ____D C:\Users\Pam\Documents\Lulu1
    2012-11-03 13:52 - 2012-11-03 13:52 - 00352419 ____A C:\Users\Pam\My Documents\joy2.zip
    2012-11-03 13:52 - 2012-11-03 13:52 - 00352419 ____A C:\Users\Pam\Documents\joy2.zip
    2012-11-03 13:52 - 2012-11-03 13:52 - 00000000 ____D C:\Users\Pam\My Documents\joy2
    2012-11-03 13:52 - 2012-11-03 13:52 - 00000000 ____D C:\Users\Pam\Documents\joy2
    2012-11-03 01:54 - 2012-11-03 01:54 - 00000009 ____A C:\END
    2012-11-03 01:54 - 2012-11-03 01:54 - 00000000 ____D C:\Users\Pam\Local Settings\Conduit
    2012-11-03 01:54 - 2012-11-03 01:54 - 00000000 ____D C:\Users\Pam\Local Settings\Application Data\Conduit
    2012-11-03 01:54 - 2012-11-03 01:54 - 00000000 ____D C:\Users\Pam\AppData\Local\Conduit
    2012-11-03 01:54 - 2012-11-03 01:54 - 00000000 ____D C:\Program Files (x86)\SocialSearchBar_App
    2012-11-03 01:54 - 2012-11-03 01:54 - 00000000 ____D C:\Program Files (x86)\Conduit
    2012-11-03 01:53 - 2012-11-03 01:53 - 00000000 ____D C:\Program Files (x86)\UnfriendApp

    ZeroAccess:
    C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}
    C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\@
    C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\L
    C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\U
    C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\L\00000004.@
    C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\L\201d3dde
    C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\U\00000004.@
    C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\U\00000008.@
    C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\U\000000cb.@
    C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\U\80000000.@
    C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\U\80000032.@
    C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ATTENTION: ========> Check for possible partition/boot infection:
    C:\Windows\svchost.exe

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    TDL4: custom:26000022 <===== ATTENTION!

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-11-22 23:00:14

    ==================== Memory info ===========================

    Percentage of memory in use: 9%
    Total physical RAM: 8104.63 MB
    Available physical RAM: 7308.13 MB
    Total Pagefile: 8102.83 MB
    Available Pagefile: 7299.32 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (OS) (Fixed) (Total:917.66 GB) (Free:626.16 GB) NTFS
    4 Drive f: () (Removable) (Total:7.45 GB) (Free:7.4 GB) FAT32
    5 Drive g: (RECOVERY) (Fixed) (Total:13.81 GB) (Free:6.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    ATTENTION: Malware custom entry on BCD on drive g: detected. Check for MBR/Partition infection.
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 Online 7633 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 13 GB 40 MB
    Partition 3 Primary 917 GB 13 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 FAT Partition 39 MB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 G RECOVERY NTFS Partition 13 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 917 GB Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7633 MB 16 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F FAT32 Removable 7633 MB Healthy

    =========================================================

    Last Boot: 2012-11-26 01:05

    ==================== End Of Log =============================
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.


    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    Attached Files:

  10. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    Farbar said Fix is done. Will run TDSSKiller a little later. Here's a copy of the Fix log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2012
    Ran by SYSTEM at 2012-11-30 10:21:27 Run:1
    Running from G:\

    ==============================================

    C:\Windows\Installer\{75e5ac81-c8d7-a73a-fc39-04499a001110} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\svchost.exe moved successfully.

    The operation completed successfully.
    The operation completed successfully.

    ==== End of Fixlog ====
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay, will wait for TDSSKiller.
     
  12. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    Not sure why I got 3 logs except TDSS did a new scan on reboot. Will post all 3 in order. Scan #1 attached.

    Attached Files:

  13. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    Scan #2

    Attached Files:

  14. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    Scan #3

    Attached Files:

  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Run TDSSKiller once more please, and delete the TDSS file system. Post new log once done...and do this:

    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
  16. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    Here is the TDSS log. Will get to aswMBR a little later

    Attached Files:

  17. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    The MBR.txt log:

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-01 14:18:56
    -----------------------------
    14:18:56.920 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:18:56.920 Number of processors: 4 586 0x2A07
    14:18:56.920 ComputerName: PAM-PC UserName: Pam
    14:18:59.619 Initialize success
    14:19:25.464 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:19:25.480 Disk 0 Vendor: WDC_WD10EALX-759BA0 15.01H15 Size: 953869MB BusType: 3
    14:19:25.480 Disk 0 MBR read successfully
    14:19:25.495 Disk 0 MBR scan
    14:19:25.495 Disk 0 Windows VISTA default MBR code
    14:19:25.495 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    14:19:25.511 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 14142 MB offset 81920
    14:19:25.527 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939686 MB offset 29044736
    14:19:25.558 Disk 0 scanning C:\Windows\system32\drivers
    14:19:29.941 Service scanning
    14:19:40.737 Modules scanning
    14:19:40.737 Scan finished successfully
    14:20:22.217 Disk 0 MBR has been saved successfully to "C:\Users\Pam\Desktop\MBR.dat"
    14:20:22.217 The log file has been saved successfully to "C:\Users\Pam\Desktop\aswMBR.txt"
  18. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    MBRscan.txt upload

    Attached Files:

  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Run TDSSKiller again and delete the TDSS File System please, and post a new log...

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  20. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    Sorry, misunderstood about deleting TDSS File System. Now done. Here's the log.

    Attached Files:

  21. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    Combo Fix has been sitting at "Completed Stage_48" for nearly 2 hours. Normal?
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That can be normal, not usual or unusual. Did it complete?
  23. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    Nope. It's been 19 hours and still working, at least I think it is. HD is working on something. Completed stage 50 now.
  24. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    Forgot to mention had a power drop during the first scan and had to restart it.
  25. F1forever

    F1forever TS Rookie Topic Starter Posts: 31

    After 22 hours Combo Fix is finally done. Had to attach the log as it is nearly 70K.

    Attached Files:
