WilliSquirrel

  1. Hi, I did as directed in your last post. Chkdsk ran for about 45 minutes and verified files, indexes, security descriptors, USN Journal, file data and free space. Unfortunately I missed all the info that was flashed after the last verification took place (free space) so I don't know if there were any messages. I really appreciate your timely responses in helping me try to eradicate the trojan. I must say you guys are all TREMENDOUS! That said, I just am not computer savvy enough (for example, in pausing the screen to take down any messages it gave me), so I'm probably going to have to find some time to take my computer in somewhere. Again, I appreciate all your help each and every step of the way. I think the problem probably is just too big for me to handle. Thanks, Chris! Willi
  2. As requested, here is chkdsk.txt log:

     The type of the file system is NTFS.
     WARNING! F parameter not specified.
     Running CHKDSK in read-only mode.
     CHKDSK is verifying files (stage 1 of 3)...
     File verification completed.
     CHKDSK is verifying indexes (stage 2 of 3)...
     Index verification completed.
     CHKDSK is verifying security descriptors (stage 3 of 3)...
     Security descriptor verification completed.
     CHKDSK is verifying Usn Journal...
     Usn Journal verification completed.
     CHKDSK discovered free space marked as allocated in the volume bitmap.
     Windows found problems with the file system.
     Run CHKDSK with the /F (fix) option to correct these.
     374948043 KB total disk space.
     24696252 KB in 78594 files.
     28372 KB in 10261 indexes.
     0 KB in bad sectors.
     369711 KB in use by the system.
     65536 KB occupied by the log file.
     349853708 KB available on disk.
     4096 bytes in each allocation unit.
     93737010 total allocation units on disk.
     87463427 allocation units available on disk.
  3. Ok, the ComboFix log is added as an attachment (said it was too long to post here): Thanks, Combo Fix Log.txt
  4. Thank you Ron, I will bring it to the attention of the gentleman that is helping me. I haven't gotten the message yet today (crossing fingers) so am hoping the steps we are going through perhaps took care of the problem. But you are saying it is not unusual to see it once in a while? That is MBAM Pro at work, right? Thanks again! Willi
  5. Good evening, Well, I'm in the process of having some of your fine techs help me with a virus, but meanwhile I have a generic question regarding the MBAM Pro. I just purchased it after a trial, having decided I'd like the extra protection. My question is, is it part of the program that runs where it periodically indicates on the system tray that MBAM is "blocking outgoing" items to a certain domain due to possibly being a malicious website? I'm just wondering if this is what I SHOULD see, or if I have more problems with viruses on my computer than I thought. Thanks in advance for any advice or help, Willi
  6. Hi Chris, Okay, here's the deal. I hope I can explain this well enough. As I mentioned above, I had trouble copying or zipping up the file last night. Throughout the last couple of days, my Zone Alarm kept scanning and picked up two trojan files - c:\windows\system32\eapsvc32.exe and c:\windows\system32\atikvmag32.exe. Each time my Zone Alarm indicated they could not be quarantined and gave me the option to delete them, which I did not do. Later on last evening, ZA picked them up again except this time it recommended "delete on reboot." I applied those actions and this took the files out of my directory. However, it does appear that I have a zipped file (I don't know how that happened - it wasn't working for me last night). Not sure if it zipped correctly but I'll attach it below. Now, I have noticed for the past four or five days, I am not being redirected anymore when I use any search engine. I don't know if this indicates that the trojan is gone or not. As you usually suggest, I ran another MBAM update and quick scan. Here is the log:

     Malwarebytes' Anti-Malware 1.51.1.1800
     www.malwarebytes.org
     Database version: 7431
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     8/10/2011 10:01:58 PM
     mbam-log-2011-08-10 (22-01-58).txt
     Scan type: Quick scan
     Objects scanned: 164682
     Time elapsed: 2 minute(s), 25 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     My apologies to you for my not being all that savvy when it comes to this stuff ... I do the best I can, and I hope you can help me eradicate whatever it is I'm dealing with! Thanks, Willi

     eapsvc32.zip
  7. Ok, here is the latest log after running MBAM:

     Malwarebytes' Anti-Malware 1.51.1.1800
     www.malwarebytes.org
     Database version: 7413
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     8/8/2011 8:36:21 PM
     mbam-log-2011-08-08 (20-36-21).txt
     Scan type: Quick scan
     Objects scanned: 164551
     Time elapsed: 2 minute(s), 31 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     I also tried to access c:/windows/system32/eapsvc32.exe to zip the file as you requested, and I get an error message that reads: "File not found or no read permission."
  8. Chris, Okay, I just found the Virus Total Uploader and downloaded that. But it tells me that VirusTotal Uploader couldn't load the file? Thanks again ...
  9. Sorry it took so long to get back ... I was out of town for a couple of days. I went to the virus total website and tried to have the c:/windows/system32/eapsvc32.exe file analyzed, but I don't know what I'm doing wrong. For a split second a screen comes up indicating it is checking and then just goes back to the main screen. Does it take quite a while to do this? As an aside, besides this file you mention, my Zone Alarm is also picking up a c:/windows/system32/atikvmag32.exe as a trojan. I'm sorry to be such a pain, but I am not having any luck with the VirusTotal. Time lapsed has been 15 minutes, and I'm not seeing a result. I did run the updated MBAM which didn't detect it, but as I say, my Zone Alarm is detecting it. Thanks, Willi
  10. Hi Chris, Thanks for the help ... can you tell me where I go to "VirusTotal"? I didn't see any links to click on in your post. It's been a long day so maybe I'm just missing it? Thanks,
  11. Hi, Screen ... thanks so much for addressing my problem. Hopefully I can do as you requested (I'm not the most computer literate so please bear with me). I have updated the MBAM and ran a scan. Here is the log:

      Malwarebytes' Anti-Malware 1.51.1.1800
      www.malwarebytes.org
      Database version: 7339
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702
      7/31/2011 11:17:28 AM
      mbam-log-2011-07-31 (11-17-28).txt
      Scan type: Quick scan
      Objects scanned: 180662
      Time elapsed: 5 minute(s), 23 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      Here is the ComboFix log:

      And lastly the new DDS log. I'm not sure if you needed the attachment but included it just in case:
Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\WinMsgBalloonServer.exe C:\WINDOWS\system32\WinMsgBalloonClient.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\windows\system32\ZoneLabs\vsmon.exe C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe C:\Program Files\CheckPoint\ZAForceField\ForceField.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\SearchProtocolHost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Waukesha&state=WI&site=MKX&textField1=43.0125&textField2=-88.2382 BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web 
printing\hpswp_BHO.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe" mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\windows\installer\{6b3fdc5d-2fa5-44ad-9dec-5136a85cc524}\_1D0A817BB6B9657202E19A.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: 
c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: dynamicvoice.com\advancedweb Trusted Zone: tmtprn.com\www Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275532971921 DPF: {707873C7-03BB-4F1A-95EC-4AAF1C3D463E} - hxxps://www.tmtprn.com/wspellam.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab DPF: {B151B524-F451-4036-9663-B3944FA710DF} - hxxp://www.medquist.com/Portals/0/Remote%20Desktop/ENUclientPro.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{8EB6F265-82F4-4E18-A3D9-98EC570F2E04} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{BBBA6926-9994-40FE-BCDA-2834D0AC130C} : DhcpNameServer = 192.168.0.1 Notify: AtiExtEvent - Ati2evxx.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\wueq4cf6.default\ FF - prefs.js: browser.startup.homepage - hxxp://forecast.weather.gov/MapClick.php?CityName=Waukesha&state=WI&site=MKX&textField1=43.0125&textField2=-88.2382 FF - prefs.js: network.proxy.type - 1 FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll . ============= SERVICES / DRIVERS =============== . R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2009-8-31 184888] R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2011-7-27 128016] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-7-27 317072] R1 mfehidk;McAfee Inc. 
mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-27 214024] R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-2-20 528128] R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\amd\raidxpert\bin\RAIDXpertService.exe [2009-3-16 122880] R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2009-7-10 110592] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 26352] R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 493032] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-27 366640] R2 MedQuist Client Platform Service;MedQuist Client Platform Service;c:\program files\common files\medquist\MQHostService.exe [2010-5-20 28672] R2 OEWOutboxService;OEW Outbox Service;c:\program files\medquist, inc\docqvoice workstation\OEWOutboxService.exe [2010-5-28 73728] R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-1-27 635416] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032] R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?] R2 W32Time32;Windows Time ;c:\windows\system32\eapsvc32.exe [2011-7-25 786432] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-12-18 44800] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-27 22712] R3 wpkbdclassfiltr;Words+ Upper Class Keyboard Filter Driver;c:\windows\system32\drivers\wpkbdclassfiltr.sys [2010-5-21 5024] S2 0097991266720622mcinstcleanup;McAfee Application Installer Cleanup (0097991266720622);c:\docume~1\admini~1\locals~1\temp\009799~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1\locals~1\temp\009799~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?] 
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2010-2-20 20160] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-4-27 41272] S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-1-27 79816] S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-1-27 35272] S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-1-27 34248] . =============== Created Last 30 ================ . 2011-07-31 16:23:01 -------- d-sha-r- C:\cmdcons 2011-07-31 16:21:51 98816 ----a-w- c:\windows\sed.exe 2011-07-31 16:21:51 518144 ----a-w- c:\windows\SWREG.exe 2011-07-31 16:21:51 256000 ----a-w- c:\windows\PEV.exe 2011-07-31 16:21:51 208896 ----a-w- c:\windows\MBR.exe 2011-07-27 14:29:40 128016 ----a-w- c:\windows\system32\drivers\kl1.sys 2011-07-27 14:28:15 1238528 ----a-w- c:\windows\system32\zpeng25.dll 2011-07-26 03:31:43 786432 ----a-w- c:\windows\system32\atikvmag32.exe 2011-07-26 03:31:40 786432 ----a-w- c:\windows\system32\eapsvc32.exe 2011-07-25 12:28:14 -------- d-----w- c:\program files\iPod 2011-07-25 12:19:51 -------- d-----w- c:\program files\Bonjour 2011-07-14 12:35:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll 2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll . ==================== Find3M ==================== . 2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-10 13:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-05-10 13:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys . 
============= FINISH: 11:39:51.87 ===============
  12. Yes, a hot topic indeed. No matter which browser I use, it redirects me to unrelated ads. This has popped up just in the last couple of days. I used Malwarebytes plus the free trial of Malwarebytes Pro which does pick up the virus, quarantines it and then I delete it, only to have it pop right back up within minutes. I also have a file on my desktop that I can't seem to get rid of that must be related called "jwknownpkr.tmp." Please bear with me as I only have average computer smarts so if I miss posting something, my humblest of apologies. And many thanks for any help you can offer.

      Malwarebytes' Anti-Malware 1.51.1.1800
      www.malwarebytes.org
      Database version: 7309
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702
      7/28/2011 10:41:13 AM
      mbam-log-2011-07-28 (10-41-13).txt
      Scan type: Quick scan
      Objects scanned: 179815
      Time elapsed: 4 minute(s), 42 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      .
      DDS (Ver_2011-06-23.01) - NTFSx86
      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
      Run by Administrator at 21:00:30 on 2011-07-28
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3064.2077 [GMT -5:00]
      .
      AV: ZoneAlarm Security Suite Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
      FW: ZoneAlarm Security Suite Firewall *Enabled*
      .
      ============== Running Processes ===============
      .
C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\windows\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\MedQuist\MQHostService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\PDF Complete\pdfsvc.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\eapsvc32.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\atikvmag32.exe C:\Program Files\MedQuist, Inc\DocQvoice Workstation\OEWOutboxService.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Citrix\ICA Client\wfcrun32.exe C:\Program Files\Common 
Files\MedQuist\AutoUpdateNotification.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe C:\Program Files\CheckPoint\ZAForceField\ForceField.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\WinMsgBalloonServer.exe C:\WINDOWS\system32\WinMsgBalloonClient.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\sh10\sh10.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\SearchProtocolHost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Waukesha&state=WI&site=MKX&textField1=43.0125&textField2=-88.2382 uSearch Page = hxxp://www.bing.com uSearch Bar = hxxp://www.bing.com/sphome.aspx?mkt={SUB_RFC1766} mSearchAssistant = hxxp://www.bing.com/sphome.aspx?mkt={SUB_RFC1766} BHO: {01e5565d-5efd-4ac2-9765-11eefb17ae99} - c:\windows\system32\atikvmag32.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program 
files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe" mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - 
c:\windows\installer\{6b3fdc5d-2fa5-44ad-9dec-5136a85cc524}\_1D0A817BB6B9657202E19A.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: dynamicvoice.com\advancedweb Trusted Zone: tmtprn.com\www Trusted Zone: //about.htm/ Trusted Zone: //Exclude.htm/ Trusted Zone: //FWEvent.htm/ Trusted Zone: //LanguageSelection.htm/ Trusted Zone: //Message.htm/ Trusted Zone: //MyAgttryCmd.htm/ Trusted Zone: //MyAgttryNag.htm/ Trusted Zone: //MyNotification.htm/ Trusted Zone: //NOCLessUpdate.htm/ Trusted Zone: //quarantine.htm/ Trusted Zone: //ScanNow.htm/ Trusted Zone: //strings.vbs/ Trusted Zone: //Template.htm/ Trusted Zone: //Update.htm/ Trusted Zone: //VirFound.htm/ Trusted Zone: mcafee.com\* Trusted Zone: mcafeeasap.com\betavscan Trusted Zone: mcafeeasap.com\vs Trusted Zone: mcafeeasap.com\www DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275532971921 DPF: {707873C7-03BB-4F1A-95EC-4AAF1C3D463E} - hxxps://www.tmtprn.com/wspellam.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab DPF: {B151B524-F451-4036-9663-B3944FA710DF} - hxxp://www.medquist.com/Portals/0/Remote%20Desktop/ENUclientPro.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{8EB6F265-82F4-4E18-A3D9-98EC570F2E04} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{BBBA6926-9994-40FE-BCDA-2834D0AC130C} : DhcpNameServer = 192.168.0.1 Notify: AtiExtEvent - Ati2evxx.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\wueq4cf6.default\ FF - prefs.js: browser.startup.homepage - hxxp://forecast.weather.gov/MapClick.php?CityName=Waukesha&state=WI&site=MKX&textField1=43.0125&textField2=-88.2382 FF - prefs.js: network.proxy.type - 1 FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll . ============= SERVICES / DRIVERS =============== . 
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2009-8-31 184888] R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2011-7-27 128016] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-7-27 317072] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-27 214024] R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-2-20 528128] R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files\amd\raidxpert\bin\RAIDXpertService.exe [2009-3-16 122880] R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2009-7-10 110592] R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 26352] R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 493032] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-27 366640] R2 MedQuist Client Platform Service;MedQuist Client Platform Service;c:\program files\common files\medquist\MQHostService.exe [2010-5-20 28672] R2 OEWOutboxService;OEW Outbox Service;c:\program files\medquist, inc\docqvoice workstation\OEWOutboxService.exe [2010-5-28 73728] R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-1-27 635416] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032] R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?] 
R2 W32Time32;Windows Time ;c:\windows\system32\eapsvc32.exe [2011-7-25 786432] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-12-18 44800] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-27 22712] R3 wpkbdclassfiltr;Words+ Upper Class Keyboard Filter Driver;c:\windows\system32\drivers\wpkbdclassfiltr.sys [2010-5-21 5024] S2 0097991266720622mcinstcleanup;McAfee Application Installer Cleanup (0097991266720622);c:\docume~1\admini~1\locals~1\temp\009799~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\admini~1\locals~1\temp\009799~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2010-2-20 20160] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-4-27 41272] S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-1-27 79816] S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-1-27 35272] S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-1-27 34248] . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-10 13:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-05-10 13:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll . ============= FINISH: 21:00:57.01 =============== ark.zip attach.zip