karenhey

Pum.hijack.StartMenu

19 posts in this topic

Hello,

I have an MDG laptop and am using the Vista OS.

I ran Malwarebytes and discovered I had "Pum.hijack.StartMenu" malware. I removed it. However, when I ran the next Malwarebytes scan it reappeared. Avast did not pick up on this.

I re-installed the system software and clicked reformat. Once the updates were installed I ran Malwarebytes again and this bug showed up again.

Please help!

Thanking you in advance!

Karen

DDS.txt

Attach.txt


Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt directly in your reply.


Hi Chris,

Here's the MBAM Quick Scan... I noticed that the "Pum.hijack.StartMenu" malware doesn't show up on the quick scan.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.09.14

Windows Vista x86 NTFS

Internet Explorer 7.0.6000.16982

Karen :: KAREN-PC [administrator]

7/9/2012 8:58:53 PM

mbam-log-2012-07-09 (20-58-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 191476

Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

--------------------------------------------------

Here's the DDS.txt...

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6000.16982

Run by Karen at 21:12:09 on 2012-07-09

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2039.1051 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\vds.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe

C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Synaptics\Scrybe\scrybe.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.mdg.ca

uInternet Settings,ProxyOverride = *.local

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"

mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scrybe.lnk - c:\windows\installer\{147dfad8-34c3-4de1-9fca-acefde9ef810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9DE7A134-F33D-4BCE-B454-7DB493DB99F2} : DhcpNameServer = 192.168.0.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\karen\appdata\roaming\mozilla\firefox\profiles\8nqeqz1p.default\

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-7-9 50312]

R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-7-9 42120]

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-8 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-8 353688]

R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-7-9 17032]

R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-7-9 187016]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-8 21256]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-8 57656]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-8 44808]

R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2012-7-9 61064]

R2 Guard Agent;Guard Agent;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-7-9 23176]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-7-9 1153368]

R2 ScrybeUpdater;Scrybe Updater;c:\program files\synaptics\scrybe\service\ScrybeUpdater.exe [2011-5-27 1300264]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-8 113120]

.

=============== Created Last 30 ================

.

2012-07-09 21:11:28 -------- d-----w- c:\users\karen\appdata\roaming\SumatraPDF

2012-07-09 21:11:20 -------- d-----w- c:\program files\SumatraPDF

2012-07-09 19:51:32 -------- d-----w- c:\users\karen\appdata\roaming\Synaptics

2012-07-09 19:46:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-07-09 19:46:17 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-07-09 19:45:29 -------- d-----w- c:\program files\iPod

2012-07-09 19:45:25 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-07-09 19:45:25 -------- d-----w- c:\program files\iTunes

2012-07-09 19:43:25 -------- d-----w- c:\users\karen\appdata\local\Apple

2012-07-09 19:40:26 -------- d-----w- c:\program files\Bonjour

2012-07-09 19:32:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-09 19:32:32 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-07-09 19:31:21 -------- d-----w- c:\program files\Unlocker

2012-07-09 19:28:47 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-07-09 19:28:47 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-07-09 19:25:17 -------- d-----w- c:\programdata\Synaptics

2012-07-09 19:25:17 -------- d-----w- c:\program files\Synaptics

2012-07-09 19:25:08 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-07-09 19:25:06 218408 ----a-w- c:\windows\system32\SynCtrl.dll

2012-07-09 19:25:06 173352 ----a-w- c:\windows\system32\SynTPAPI.dll

2012-07-09 19:25:06 173352 ----a-w- c:\windows\system32\SynCOM.dll

2012-07-09 19:25:06 120104 ----a-w- c:\windows\system32\SynTPCo9.dll

2012-07-09 19:25:05 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys

2012-07-09 19:24:20 -------- d-----w- c:\program files\PeaZip

2012-07-09 19:15:39 -------- d-----w- c:\users\karen\appdata\local\Macromedia

2012-07-09 19:14:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-09 19:14:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-09 18:24:02 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

2012-07-09 18:24:02 28040 ----a-w- c:\windows\system32\mdimon.dll

2012-07-09 18:23:00 -------- d-----w- c:\program files\Microsoft ActiveSync

2012-07-09 18:21:32 -------- d-----w- c:\windows\PCHEALTH

2012-07-09 13:29:27 -------- d-----w- c:\program files\CCleaner

2012-07-09 13:26:58 187016 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys

2012-07-09 13:26:57 50312 ----a-w- c:\windows\system32\drivers\eubakup.sys

2012-07-09 13:26:57 17032 ----a-w- c:\windows\system32\drivers\eudskacs.sys

2012-07-09 13:26:55 42120 ----a-w- c:\windows\system32\drivers\EUBKMON.sys

2012-07-09 13:26:26 20616 ----a-w- c:\windows\system32\fbnative.exe

2012-07-09 13:25:40 -------- d-----w- c:\program files\EaseUS

2012-07-09 03:43:33 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-09 03:43:31 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-07-09 03:42:20 41224 ----a-w- c:\windows\avastSS.scr

2012-07-09 03:41:39 -------- d-----w- c:\programdata\AVAST Software

2012-07-09 03:41:39 -------- d-----w- c:\program files\AVAST Software

2012-07-09 02:33:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-09 02:33:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-09 01:03:47 -------- d-----w- c:\users\karen\appdata\local\temp

2012-07-09 01:03:17 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-09 00:33:41 98816 ----a-w- c:\windows\sed.exe

2012-07-09 00:33:41 518144 ----a-w- c:\windows\SWREG.exe

2012-07-09 00:33:41 256000 ----a-w- c:\windows\PEV.exe

2012-07-09 00:33:41 208896 ----a-w- c:\windows\MBR.exe

2012-07-08 23:58:50 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL

2012-07-08 21:56:55 -------- d-----w- c:\users\karen\appdata\roaming\Malwarebytes

2012-07-08 21:56:47 -------- d-----w- c:\programdata\Malwarebytes

2012-07-08 21:26:14 -------- d-sh--w- c:\windows\Installer

2012-07-08 20:50:45 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe

2012-07-08 20:50:44 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll

2012-07-08 20:50:44 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll

2012-07-08 20:50:44 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll

2012-07-08 20:49:07 80896 ----a-w- c:\windows\system32\MSNP.ax

2012-07-08 20:49:07 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax

2012-07-08 20:49:07 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2012-07-08 20:49:07 428032 ----a-w- c:\windows\system32\EncDec.dll

2012-07-08 20:49:07 292352 ----a-w- c:\windows\system32\psisdecd.dll

2012-07-08 20:49:07 217088 ----a-w- c:\windows\system32\psisrndr.ax

2012-07-08 20:49:07 177152 ----a-w- c:\windows\system32\mpg2splt.ax

2012-07-08 20:49:07 1244672 ----a-w- c:\windows\system32\mcmde.dll

2012-07-08 20:46:44 2048 ----a-w- c:\windows\system32\tzres.dll

2012-07-08 20:45:58 696832 ----a-w- c:\windows\system32\localspl.dll

2012-07-08 20:44:54 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys

2012-07-08 20:44:54 21560 ----a-w- c:\windows\system32\drivers\atapi.sys

2012-07-08 20:44:54 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-07-08 20:44:54 17464 ----a-w- c:\windows\system32\drivers\intelide.sys

2012-07-08 20:44:54 109624 ----a-w- c:\windows\system32\drivers\ataport.sys

2012-07-08 20:44:53 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys

2012-07-08 20:44:30 104448 ----a-w- c:\windows\system32\DWWIN.EXE

2012-07-08 20:44:05 2923520 ----a-w- c:\windows\explorer.exe

2012-07-08 20:43:32 171520 ----a-w- c:\windows\system32\wintrust.dll

2012-07-08 20:42:59 494592 ----a-w- c:\windows\system32\kerberos.dll

2012-07-08 20:42:58 272384 ----a-w- c:\windows\system32\schannel.dll

2012-07-08 20:38:01 1585664 ----a-w- c:\windows\system32\setupapi.dll

2012-07-08 20:36:24 549888 ----a-w- c:\windows\system32\rpcss.dll

2012-07-08 20:36:23 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2012-07-08 20:36:23 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe

2012-07-08 20:36:23 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2012-07-08 20:36:23 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll

2012-07-08 20:36:22 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll

2012-07-08 20:36:22 53248 ----a-w- c:\windows\system32\iasads.dll

2012-07-08 20:36:22 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll

2012-07-08 20:36:22 37888 ----a-w- c:\windows\system32\iasdatastore.dll

2012-07-08 20:36:22 158720 ----a-w- c:\windows\system32\sdohlp.dll

2012-07-08 20:36:21 97280 ----a-w- c:\windows\system32\iasrecst.dll

2012-07-08 20:35:49 62464 ----a-w- c:\windows\system32\l3codeca.acm

2012-07-08 20:35:49 220672 ----a-w- c:\windows\system32\l3codecp.acm

2012-07-08 20:34:52 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-07-08 20:34:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2012-07-08 20:34:52 22016 ----a-w- c:\windows\system32\netiougc.exe

2012-07-08 20:34:52 179712 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-07-08 20:34:52 167424 ----a-w- c:\windows\system32\tcpipcfg.dll

2012-07-08 20:34:52 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS

2012-07-08 20:34:25 82432 ----a-w- c:\windows\system32\drivers\sdbus.sys

2012-07-08 20:34:06 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll

2012-07-08 20:33:25 25600 ----a-w- c:\windows\system32\amxread.dll

2012-07-08 20:33:25 14848 ----a-w- c:\windows\system32\apilogen.dll

2012-07-08 20:32:56 33280 ----a-w- c:\windows\system32\slwmi.dll

2012-07-08 20:32:56 268288 ----a-w- c:\windows\system32\mcbuilder.exe

2012-07-08 20:32:56 223232 ----a-w- c:\windows\system32\SLC.dll

2012-07-08 20:32:55 57856 ----a-w- c:\windows\system32\SLUINotify.dll

2012-07-08 20:32:55 566784 ----a-w- c:\windows\system32\SLCommDlg.dll

2012-07-08 20:32:55 351232 ----a-w- c:\windows\system32\SLUI.exe

2012-07-08 20:32:55 2605568 ----a-w- c:\windows\system32\SLsvc.exe

2012-07-08 20:32:55 186368 ----a-w- c:\windows\system32\SLLUA.exe

2012-07-08 20:32:54 39936 ----a-w- c:\windows\system32\slcinst.dll

2012-07-08 20:32:24 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2012-07-08 20:32:23 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll

2012-07-08 20:32:23 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2012-07-08 20:31:42 97792 ----a-w- c:\windows\system32\cabview.dll

2012-07-08 20:30:42 61440 ----a-w- c:\windows\system32\ntprint.exe

2012-07-08 20:30:42 220160 ----a-w- c:\windows\system32\ntprint.dll

2012-07-08 20:30:41 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-07-08 20:30:41 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll

2012-07-08 20:30:40 1984512 ----a-w- c:\windows\system32\authui.dll

2012-07-08 20:30:39 69632 ----a-w- c:\windows\system32\sendmail.dll

2012-07-08 20:30:38 8138240 ----a-w- c:\windows\system32\ssBranded.scr

2012-07-08 20:29:58 441856 ----a-w- c:\windows\system32\win32spl.dll

2012-07-08 20:29:58 37376 ----a-w- c:\windows\system32\printcom.dll

2012-07-08 20:29:41 2031104 ----a-w- c:\windows\system32\win32k.sys

2012-07-08 20:29:25 14848 ----a-w- c:\windows\system32\wshrm.dll

2012-07-08 20:29:25 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys

2012-07-08 20:29:02 43520 ----a-w- c:\windows\system32\msdxm.tlb

2012-07-08 20:29:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2012-07-08 20:29:02 18432 ----a-w- c:\windows\system32\amcompat.tlb

2012-07-08 20:28:21 515584 ----a-w- c:\windows\system32\RMActivate.exe

2012-07-08 20:28:21 472576 ----a-w- c:\windows\system32\secproc.dll

2012-07-08 20:28:21 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2012-07-08 20:28:21 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2012-07-08 20:28:21 312320 ----a-w- c:\windows\system32\msdrm.dll

2012-07-08 20:28:21 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2012-07-08 20:28:21 154112 ----a-w- c:\windows\system32\secproc_ssp.dll

2012-07-08 20:28:20 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe

2012-07-08 20:28:20 473088 ----a-w- c:\windows\system32\secproc_isv.dll

2012-07-08 20:27:50 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll

2012-07-08 20:27:50 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe

2012-07-08 20:27:50 11776 ----a-w- c:\windows\system32\sbunattend.exe

2012-07-08 20:27:29 83968 ----a-w- c:\windows\system32\dnsrslvr.dll

2012-07-08 20:27:29 24576 ----a-w- c:\windows\system32\dnscacheugc.exe

2012-07-08 20:27:20 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys

2012-07-08 20:25:42 97800 ----a-w- c:\windows\system32\infocardapi.dll

2012-07-08 20:25:42 622080 ----a-w- c:\windows\system32\icardagt.exe

2012-07-08 20:25:42 37384 ----a-w- c:\windows\system32\infocardcpl.cpl

2012-07-08 20:25:42 11264 ----a-w- c:\windows\system32\icardres.dll

2012-07-08 20:25:39 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2012-07-08 20:25:38 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2012-07-08 20:25:38 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-07-08 20:25:38 326160 ----a-w- c:\windows\system32\PresentationHost.exe

2012-07-08 20:14:01 -------- d-----w- C:\Boot

2012-07-08 20:13:26 -------- d-----w- c:\windows\system32\OEM

2012-07-08 20:13:26 -------- d-----w- c:\windows\PANTHER

2012-07-08 19:44:20 -------- d-----w- c:\users\karen\appdata\local\Microsoft Games

2012-07-08 19:26:39 72704 ----a-w- c:\windows\system32\fontsub.dll

2012-07-08 19:26:39 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-07-08 19:26:39 289792 ----a-w- c:\windows\system32\atmfd.dll

2012-07-08 19:26:39 24064 ----a-w- c:\windows\system32\lpk.dll

2012-07-08 19:26:39 156672 ----a-w- c:\windows\system32\t2embed.dll

2012-07-08 19:26:39 10240 ----a-w- c:\windows\system32\dciman32.dll

2012-07-08 19:23:05 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll

2012-07-08 19:23:04 61440 ----a-w- c:\windows\system32\winipsec.dll

2012-07-08 19:23:04 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL

2012-07-08 19:23:04 272896 ----a-w- c:\windows\system32\polstore.dll

2012-07-08 19:21:20 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys

2012-07-08 19:21:20 306688 ----a-w- c:\windows\system32\drivers\srv.sys

2012-07-08 19:20:30 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2012-07-08 19:20:30 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2012-07-08 19:20:30 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2012-07-08 19:19:40 707072 ----a-w- c:\program files\common files\system\wab32.dll

2012-07-08 19:19:40 41984 ----a-w- c:\program files\windows mail\wabimp.dll

2012-07-08 19:19:40 39424 ----a-w- c:\windows\system32\ACCTRES.dll

2012-07-08 19:19:40 1098752 ----a-w- c:\program files\common files\system\wab32res.dll

2012-07-08 19:19:39 87040 ----a-w- c:\windows\system32\msoert2.dll

2012-07-08 19:19:39 2836992 ----a-w- c:\program files\windows mail\MSOERES.dll

2012-07-08 19:19:39 205824 ----a-w- c:\windows\system32\msoeacct.dll

2012-07-08 19:19:39 1614848 ----a-w- c:\program files\windows mail\msoe.dll

2012-07-08 19:19:36 397312 ----a-w- c:\program files\windows mail\WinMail.exe

2012-07-08 19:19:36 24064 ----a-w- c:\program files\common files\system\DirectDB.dll

2012-07-08 19:19:35 81408 ----a-w- c:\program files\windows mail\oeimport.dll

2012-07-08 19:18:28 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2012-07-08 19:18:28 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2012-07-08 19:18:28 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2012-07-08 19:18:28 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2012-07-08 19:18:28 15360 ----a-w- c:\windows\system32\netevent.dll

2012-07-08 19:18:28 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2012-07-08 19:18:28 103936 ----a-w- c:\windows\system32\netiohlp.dll

2012-07-08 19:18:28 10240 ----a-w- c:\windows\system32\finger.exe

2012-07-08 19:18:27 19968 ----a-w- c:\windows\system32\ARP.EXE

2012-07-08 19:18:26 213592 ----a-w- c:\windows\system32\drivers\netio.sys

2012-07-08 19:17:14 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr

2012-07-08 19:17:14 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll

2012-07-08 19:17:13 258232 ----a-w- c:\windows\system32\drivers\acpi.sys

2012-07-08 19:17:13 24064 ----a-w- c:\windows\system32\wtsapi32.dll

2012-07-08 19:17:13 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys

2012-07-08 19:17:12 28344 ----a-w- c:\windows\system32\drivers\battc.sys

2012-07-08 19:17:12 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys

2012-07-08 19:17:11 542720 ----a-w- c:\windows\system32\sysmain.dll

2012-07-08 19:16:26 194560 ----a-w- c:\windows\system32\WebClnt.dll

2012-07-08 19:16:26 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2012-07-08 19:15:41 67584 ----a-w- c:\windows\system32\wlanhlp.dll

2012-07-08 19:15:41 47104 ----a-w- c:\windows\system32\wlanapi.dll

2012-07-08 19:15:41 123904 ----a-w- c:\windows\system32\L2SecHC.dll

2012-07-08 19:15:40 502272 ----a-w- c:\windows\system32\wlansvc.dll

2012-07-08 19:15:40 297984 ----a-w- c:\windows\system32\wlansec.dll

2012-07-08 19:15:40 290816 ----a-w- c:\windows\system32\wlanmsm.dll

2012-07-08 19:14:43 2048 ----a-w- c:\windows\system32\msxml6r.dll

2012-07-08 19:14:43 2048 ----a-w- c:\windows\system32\msxml3r.dll

2012-07-08 19:14:43 1406464 ----a-w- c:\windows\system32\msxml6.dll

2012-07-08 19:14:43 1260032 ----a-w- c:\windows\system32\msxml3.dll

2012-07-08 19:13:46 7680 ----a-w- c:\windows\system32\lsass.exe

2012-07-08 19:13:46 72704 ----a-w- c:\windows\system32\secur32.dll

2012-07-08 19:13:46 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-08 19:13:46 216576 ----a-w- c:\windows\system32\msv1_0.dll

2012-07-08 19:13:46 175104 ----a-w- c:\windows\system32\wdigest.dll

2012-07-08 19:13:46 1233920 ----a-w- c:\windows\system32\lsasrv.dll

2012-07-08 19:12:54 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2012-07-08 19:12:54 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2012-07-08 19:12:54 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2012-07-08 19:12:12 49664 ----a-w- c:\windows\system32\csrsrv.dll

2012-07-08 19:12:11 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-07-08 19:11:26 2855424 ----a-w- c:\windows\system32\mf.dll

2012-07-08 19:11:25 98816 ----a-w- c:\windows\system32\mfps.dll

2012-07-08 19:11:25 52736 ----a-w- c:\windows\system32\rrinstaller.exe

2012-07-08 19:11:25 24576 ----a-w- c:\windows\system32\mfpmp.exe

2012-07-08 19:11:25 2048 ----a-w- c:\windows\system32\mferror.dll

2012-07-08 19:10:31 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-07-08 19:10:31 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-07-08 19:08:22 376832 ----a-w- c:\windows\system32\winhttp.dll

2012-07-08 19:07:37 434176 ----a-w- c:\windows\system32\vbscript.dll

2012-07-08 19:06:51 71680 ----a-w- c:\windows\system32\atl.dll

2012-07-08 19:05:29 297472 ----a-w- c:\windows\system32\gdi32.dll

2012-07-08 19:04:48 41984 ----a-w- c:\windows\system32\drivers\monitor.sys

2012-07-08 19:04:48 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-07-08 19:03:06 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll

2012-07-08 19:02:27 500736 ----a-w- c:\windows\system32\msdtcprx.dll

2012-07-08 19:02:27 30208 ----a-w- c:\windows\system32\xolehlp.dll

2012-07-08 19:01:43 156160 ----a-w- c:\windows\system32\wkssvc.dll

2012-07-08 19:00:03 36352 ----a-w- c:\windows\system32\tsgqec.dll

2012-07-08 19:00:03 116736 ----a-w- c:\windows\system32\aaclient.dll

2012-07-08 19:00:02 1871872 ----a-w- c:\windows\system32\mstscax.dll

2012-07-08 18:59:12 303616 ----a-w- c:\windows\system32\wmpeffects.dll

2012-07-08 18:57:47 414208 ----a-w- c:\windows\system32\msscp.dll

2012-07-08 18:57:07 713728 ----a-w- c:\windows\system32\timedate.cpl

2012-07-08 18:56:20 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll

2012-07-08 18:55:32 86016 ----a-w- c:\windows\system32\icfupgd.dll

2012-07-08 18:55:32 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys

2012-07-08 18:55:32 396800 ----a-w- c:\windows\system32\MPSSVC.dll

2012-07-08 18:55:32 392192 ----a-w- c:\windows\system32\FirewallAPI.dll

2012-07-08 18:55:31 61952 ----a-w- c:\windows\system32\cmifw.dll

2012-07-08 18:55:31 16896 ----a-w- c:\windows\system32\wfapigp.dll

2012-07-08 18:49:48 8704 ----a-w- c:\windows\system32\hcrstco.dll

2012-07-08 18:49:48 8704 ----a-w- c:\windows\system32\hccoin.dll

2012-07-08 18:49:48 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2012-07-08 18:49:48 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2012-07-08 18:49:48 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys

2012-07-08 18:49:48 23040 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2012-07-08 18:49:48 224768 ----a-w- c:\windows\system32\drivers\usbport.sys

2012-07-08 18:49:48 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys

2012-07-08 18:47:25 24064 ----a-w- c:\windows\system32\netcfg.exe

2012-07-08 18:39:54 9728 ----a-w- c:\windows\system32\LAPRXY.DLL

2012-07-08 18:39:54 223232 ----a-w- c:\windows\system32\WMASF.DLL

2012-07-08 18:39:54 2048 ----a-w- c:\windows\system32\asferror.dll

2012-07-08 18:33:00 2565432 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2012-07-08 18:32:30 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4b2b4340-9321-46d3-bd33-43192b504cdd}\mpengine.dll

2012-07-08 18:32:29 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-07-08 18:15:34 96760 ----a-w- c:\windows\system32\dfshim.dll

2012-07-08 18:15:34 41984 ----a-w- c:\windows\system32\netfxperf.dll

2012-07-08 18:15:33 282112 ----a-w- c:\windows\system32\mscoree.dll

2012-07-08 18:15:32 83968 ----a-w- c:\windows\system32\mscories.dll

2012-07-08 18:15:32 158720 ----a-w- c:\windows\system32\mscorier.dll

2012-07-08 18:00:20 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2012-07-08 18:00:18 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2012-07-08 18:00:18 1686528 ----a-w- c:\windows\system32\gameux.dll

2012-07-08 17:59:42 996352 ----a-w- c:\windows\system32\WMNetMgr.dll

2012-07-08 17:59:42 94720 ----a-w- c:\windows\system32\logagent.exe

2012-07-08 17:59:09 765952 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2012-07-08 17:58:55 84480 ----a-w- c:\windows\system32\INETRES.dll

2012-07-08 17:58:55 737792 ----a-w- c:\windows\system32\inetcomm.dll

2012-07-08 17:58:32 60928 ----a-w- c:\windows\system32\msasn1.dll

2012-07-08 17:58:11 1645568 ----a-w- c:\windows\system32\connect.dll

2012-07-08 17:57:53 5120 ----a-w- c:\windows\system32\wmi.dll

2012-07-08 17:57:53 152576 ----a-w- c:\windows\system32\imagehlp.dll

2012-07-08 17:57:53 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-07-08 17:57:35 788992 ----a-w- c:\windows\system32\rpcrt4.dll

2012-07-08 17:56:55 396800 ----a-w- c:\windows\system32\drivers\http.sys

2012-07-08 17:56:55 31232 ----a-w- c:\windows\system32\httpapi.dll

2012-07-08 17:56:55 24064 ----a-w- c:\windows\system32\nshhttp.dll

2012-07-08 17:55:15 130048 ----a-w- c:\windows\system32\drivers\srv2.sys

2012-07-08 17:54:52 974336 ----a-w- c:\windows\system32\crypt32.dll

2012-07-08 17:54:39 274432 ----a-w- c:\windows\system32\raschap.dll

2012-07-08 17:54:38 232960 ----a-w- c:\windows\system32\rastls.dll

2012-07-08 17:54:19 321536 ----a-w- c:\windows\system32\WSDApi.dll

2012-07-08 17:54:00 633856 ----a-w- c:\windows\system32\user32.dll

2012-07-08 17:53:00 88576 ----a-w- c:\windows\system32\avifil32.dll

2012-07-08 17:53:00 82944 ----a-w- c:\windows\system32\mciavi32.dll

2012-07-08 17:53:00 65024 ----a-w- c:\windows\system32\avicap32.dll

2012-07-08 17:53:00 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2012-07-08 17:53:00 22528 ----a-w- c:\windows\system32\msyuv.dll

2012-07-08 17:53:00 1327616 ----a-w- c:\windows\system32\quartz.dll

2012-07-08 17:53:00 123904 ----a-w- c:\windows\system32\msvfw32.dll

2012-07-08 17:53:00 11776 ----a-w- c:\windows\system32\tsbyuv.dll

.

==================== Find3M ====================

.

2012-07-08 20:37:40 5632 ----a-w- c:\windows\system32\drivers\en-us\sermouse.sys.mui

2012-07-08 20:33:25 40960 ----a-w- c:\windows\apppatch\apihex86.dll

2012-07-08 19:25:03 72704 ----a-w- c:\windows\system32\admparse.dll

2012-07-08 19:25:02 832512 ----a-w- c:\windows\system32\wininet.dll

2012-07-08 19:25:02 52736 ----a-w- c:\windows\apppatch\iebrshim.dll

2012-07-08 19:24:58 78336 ----a-w- c:\windows\system32\ieencode.dll

2012-07-08 19:24:58 389120 ----a-w- c:\windows\system32\html.iec

2012-07-08 19:24:57 48128 ----a-w- c:\windows\system32\mshtmler.dll

2012-07-08 19:24:56 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2012-07-08 19:24:54 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-08 19:24:52 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2012-07-08 19:24:50 56320 ----a-w- c:\windows\system32\iesetup.dll

2012-07-08 18:00:20 2560 ----a-w- c:\windows\apppatch\AcRes.dll

2012-07-08 18:00:19 537600 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-07-08 18:00:19 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2012-07-08 18:00:19 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll

2012-07-08 18:00:19 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2012-07-08 17:52:59 31232 ----a-w- c:\windows\system32\msvidc32.dll

2012-07-08 17:52:59 13312 ----a-w- c:\windows\system32\msrle32.dll

2012-07-08 17:52:41 750080 ----a-w- c:\windows\system32\qmgr.dll

2012-07-08 17:52:28 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2012-07-08 17:52:05 8147968 ----a-w- c:\windows\system32\wmploc.DLL

2012-07-08 17:52:03 7680 ----a-w- c:\windows\system32\spwmp.dll

2012-07-08 17:52:03 4096 ----a-w- c:\windows\system32\dxmasf.dll

2012-07-08 17:52:02 4096 ----a-w- c:\windows\system32\msdxm.ocx

2012-07-08 17:52:00 311296 ----a-w- c:\windows\system32\unregmp2.exe

.

============= FINISH: 21:13:12.99 ===============

Thanks so much for looking at this for me. ;)

Karen


Hi Karen!

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-Chris

Hi Chris,

Whoa! After running the ComboFix the system went really wacky. I was unable to access anything in the start-up menu. I'm writing to you from my old MAC. Luckily I was able to access the log...

ComboFix 12-07-08.03 - Karen 07/09/2012 21:50:47.3.1 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2039.1237 [GMT -4:00]

Running from: c:\users\Karen\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))

.

.

2012-07-10 01:57 . 2012-07-10 01:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-09 21:11 . 2012-07-09 21:11 -------- d-----w- c:\program files\SumatraPDF

2012-07-09 19:46 . 2012-07-09 19:46 -------- dc----w- c:\windows\system32\DRVSTORE

2012-07-09 19:46 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-07-09 19:46 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-07-09 19:45 . 2012-07-09 19:45 -------- d-----w- c:\program files\iPod

2012-07-09 19:45 . 2012-07-09 19:46 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-07-09 19:45 . 2012-07-09 19:46 -------- d-----w- c:\program files\iTunes

2012-07-09 19:43 . 2012-07-09 19:44 -------- d-----w- c:\program files\QuickTime

2012-07-09 19:43 . 2012-07-09 19:45 -------- d-----w- c:\programdata\Apple Computer

2012-07-09 19:43 . 2012-07-09 19:43 -------- d-----w- c:\program files\Apple Software Update

2012-07-09 19:40 . 2012-07-09 19:40 -------- d-----w- c:\program files\Bonjour

2012-07-09 19:40 . 2012-07-09 19:45 -------- d-----w- c:\program files\Common Files\Apple

2012-07-09 19:40 . 2012-07-09 19:40 -------- d-----w- c:\programdata\Apple

2012-07-09 19:32 . 2012-07-09 19:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-09 19:32 . 2012-07-09 19:37 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-07-09 19:31 . 2012-07-09 19:31 -------- d-----w- c:\program files\Unlocker

2012-07-09 19:28 . 2009-07-14 01:19 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-07-09 19:28 . 2009-07-14 01:19 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-07-09 19:25 . 2012-07-09 19:27 -------- d-----w- c:\program files\Synaptics

2012-07-09 19:25 . 2012-07-09 19:25 -------- d-----w- c:\programdata\Synaptics

2012-07-09 19:25 . 2009-08-07 14:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-07-09 19:25 . 2011-03-31 23:30 173352 ----a-w- c:\windows\system32\SynTPAPI.dll

2012-07-09 19:25 . 2011-03-31 23:30 120104 ----a-w- c:\windows\system32\SynTPCo9.dll

2012-07-09 19:25 . 2011-03-31 23:30 218408 ----a-w- c:\windows\system32\SynCtrl.dll

2012-07-09 19:25 . 2011-03-31 23:30 173352 ----a-w- c:\windows\system32\SynCOM.dll

2012-07-09 19:25 . 2011-03-31 23:32 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys

2012-07-09 19:24 . 2012-07-09 19:24 -------- d-----w- c:\program files\PeaZip

2012-07-09 19:14 . 2012-07-09 19:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-09 19:14 . 2012-07-09 19:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-09 19:14 . 2012-07-09 19:14 -------- d-----w- c:\windows\system32\Macromed

2012-07-09 18:24 . 2007-04-09 17:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

2012-07-09 18:24 . 2007-04-09 17:23 28040 ----a-w- c:\windows\system32\mdimon.dll

2012-07-09 18:23 . 2012-07-09 18:23 -------- d-----w- c:\program files\Microsoft ActiveSync

2012-07-09 18:21 . 2012-07-09 18:21 -------- d-----w- c:\windows\PCHEALTH

2012-07-09 18:21 . 2012-07-09 18:21 -------- d-----w- c:\program files\Microsoft.NET

2012-07-09 18:20 . 2012-07-09 18:20 -------- d-----r- C:\MSOCache

2012-07-09 13:29 . 2012-07-09 13:29 -------- d-----w- c:\program files\CCleaner

2012-07-09 13:26 . 2011-12-23 03:09 187016 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys

2012-07-09 13:26 . 2011-12-23 03:09 17032 ----a-w- c:\windows\system32\drivers\eudskacs.sys

2012-07-09 13:26 . 2011-12-23 03:09 50312 ----a-w- c:\windows\system32\drivers\eubakup.sys

2012-07-09 13:26 . 2012-02-08 19:47 42120 ----a-w- c:\windows\system32\drivers\EUBKMON.sys

2012-07-09 13:26 . 2011-12-23 03:09 20616 ----a-w- c:\windows\system32\fbnative.exe

2012-07-09 13:25 . 2012-07-09 13:25 -------- d-----w- c:\program files\EaseUS

2012-07-09 03:43 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-09 03:43 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-09 03:43 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-07-09 03:43 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-09 03:43 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-09 03:43 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-07-09 03:42 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr

2012-07-09 03:42 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-07-09 03:41 . 2012-07-09 03:41 -------- d-----w- c:\programdata\AVAST Software

2012-07-09 03:41 . 2012-07-09 03:41 -------- d-----w- c:\program files\AVAST Software

2012-07-09 02:33 . 2012-07-09 02:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-09 02:33 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-08 23:58 . 2006-11-02 09:46 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL

2012-07-08 22:51 . 2012-07-08 22:51 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-07-08 21:56 . 2012-07-08 21:56 -------- d-----w- c:\programdata\Malwarebytes

2012-07-08 21:26 . 2012-07-09 19:59 -------- d-sh--w- c:\windows\Installer

2012-07-08 20:50 . 2012-07-08 20:50 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe

2012-07-08 20:50 . 2012-07-08 20:50 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll

2012-07-08 20:50 . 2012-07-08 20:50 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll

2012-07-08 20:50 . 2012-07-08 20:50 10922496 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll

2012-07-08 20:49 . 2012-07-08 20:49 80896 ----a-w- c:\windows\system32\MSNP.ax

2012-07-08 20:49 . 2012-07-08 20:49 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax

2012-07-08 20:49 . 2012-07-08 20:49 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2012-07-08 20:49 . 2012-07-08 20:49 428032 ----a-w- c:\windows\system32\EncDec.dll

2012-07-08 20:49 . 2012-07-08 20:49 292352 ----a-w- c:\windows\system32\psisdecd.dll

2012-07-08 20:49 . 2012-07-08 20:49 217088 ----a-w- c:\windows\system32\psisrndr.ax

2012-07-08 20:49 . 2012-07-08 20:49 177152 ----a-w- c:\windows\system32\mpg2splt.ax

2012-07-08 20:49 . 2012-07-08 20:49 1244672 ----a-w- c:\windows\system32\mcmde.dll

2012-07-08 20:46 . 2012-07-08 20:46 2048 ----a-w- c:\windows\system32\tzres.dll

2012-07-08 20:45 . 2012-07-08 20:45 696832 ----a-w- c:\windows\system32\localspl.dll

2012-07-08 20:44 . 2012-07-08 20:44 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys

2012-07-08 20:44 . 2012-07-08 20:44 21560 ----a-w- c:\windows\system32\drivers\atapi.sys

2012-07-08 20:44 . 2012-07-08 20:44 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-07-08 20:44 . 2012-07-08 20:44 17464 ----a-w- c:\windows\system32\drivers\intelide.sys

2012-07-08 20:44 . 2012-07-08 20:44 109624 ----a-w- c:\windows\system32\drivers\ataport.sys

2012-07-08 20:44 . 2012-07-08 20:44 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys

2012-07-08 20:44 . 2012-07-08 20:44 104448 ----a-w- c:\windows\system32\DWWIN.EXE

2012-07-08 20:44 . 2012-07-08 20:44 2923520 ----a-w- c:\windows\explorer.exe

2012-07-08 20:43 . 2012-07-08 20:43 171520 ----a-w- c:\windows\system32\wintrust.dll

2012-07-08 20:42 . 2012-07-08 20:42 494592 ----a-w- c:\windows\system32\kerberos.dll

2012-07-08 20:42 . 2012-07-08 20:42 272384 ----a-w- c:\windows\system32\schannel.dll

2012-07-08 20:38 . 2012-07-08 20:38 1585664 ----a-w- c:\windows\system32\setupapi.dll

2012-07-08 20:36 . 2012-07-08 20:36 549888 ----a-w- c:\windows\system32\rpcss.dll

2012-07-08 20:36 . 2012-07-08 20:36 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2012-07-08 20:36 . 2012-07-08 20:36 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe

2012-07-08 20:36 . 2012-07-08 20:36 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2012-07-08 20:36 . 2012-07-08 20:36 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll

2012-07-08 20:36 . 2012-07-08 20:36 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll

2012-07-08 20:36 . 2012-07-08 20:36 53248 ----a-w- c:\windows\system32\iasads.dll

2012-07-08 20:36 . 2012-07-08 20:36 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll

2012-07-08 20:36 . 2012-07-08 20:36 37888 ----a-w- c:\windows\system32\iasdatastore.dll

2012-07-08 20:36 . 2012-07-08 20:36 158720 ----a-w- c:\windows\system32\sdohlp.dll

2012-07-08 20:36 . 2012-07-08 20:36 97280 ----a-w- c:\windows\system32\iasrecst.dll

2012-07-08 20:35 . 2012-07-08 20:35 62464 ----a-w- c:\windows\system32\l3codeca.acm

2012-07-08 20:35 . 2012-07-08 20:35 220672 ----a-w- c:\windows\system32\l3codecp.acm

2012-07-08 20:34 . 2012-07-08 20:34 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-07-08 20:34 . 2012-07-08 20:34 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2012-07-08 20:34 . 2012-07-08 20:34 22016 ----a-w- c:\windows\system32\netiougc.exe

2012-07-08 20:34 . 2012-07-08 20:34 179712 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-07-08 20:34 . 2012-07-08 20:34 167424 ----a-w- c:\windows\system32\tcpipcfg.dll

2012-07-08 20:34 . 2012-07-08 20:34 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS

2012-07-08 20:34 . 2012-07-08 20:34 82432 ----a-w- c:\windows\system32\drivers\sdbus.sys

2012-07-08 20:34 . 2012-07-08 20:34 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll

2012-07-08 20:33 . 2012-07-08 20:33 25600 ----a-w- c:\windows\system32\amxread.dll

2012-07-08 20:33 . 2012-07-08 20:33 14848 ----a-w- c:\windows\system32\apilogen.dll

2012-07-08 20:32 . 2012-07-08 20:32 33280 ----a-w- c:\windows\system32\slwmi.dll

2012-07-08 20:32 . 2012-07-08 20:32 268288 ----a-w- c:\windows\system32\mcbuilder.exe

2012-07-08 20:32 . 2012-07-08 20:32 223232 ----a-w- c:\windows\system32\SLC.dll

2012-07-08 20:32 . 2012-07-08 20:32 57856 ----a-w- c:\windows\system32\SLUINotify.dll

2012-07-08 20:32 . 2012-07-08 20:32 566784 ----a-w- c:\windows\system32\SLCommDlg.dll

2012-07-08 20:32 . 2012-07-08 20:32 351232 ----a-w- c:\windows\system32\SLUI.exe

2012-07-08 20:32 . 2012-07-08 20:32 2605568 ----a-w- c:\windows\system32\SLsvc.exe

2012-07-08 20:32 . 2012-07-08 20:32 186368 ----a-w- c:\windows\system32\SLLUA.exe

2012-07-08 20:32 . 2012-07-08 20:32 39936 ----a-w- c:\windows\system32\slcinst.dll

2012-07-08 20:32 . 2012-07-08 20:32 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2012-07-08 20:32 . 2012-07-08 20:32 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll

2012-07-08 20:32 . 2012-07-08 20:32 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2012-07-08 20:31 . 2012-07-08 20:31 97792 ----a-w- c:\windows\system32\cabview.dll

2012-07-08 20:30 . 2012-07-08 20:30 61440 ----a-w- c:\windows\system32\ntprint.exe

2012-07-08 20:30 . 2012-07-08 20:30 220160 ----a-w- c:\windows\system32\ntprint.dll

2012-07-08 20:30 . 2012-07-08 20:30 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-08 20:37 . 2012-07-08 20:37 5632 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui

2012-07-08 20:37 . 2012-07-08 20:37 4608 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui

2012-07-08 20:37 . 2012-07-08 20:37 3072 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui

2012-07-08 20:37 . 2012-07-08 20:37 3072 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui

2012-07-08 20:37 . 2012-07-08 20:37 10752 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui

2012-07-08 20:37 . 2012-07-08 20:37 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui

2012-07-08 20:33 . 2012-07-08 20:33 40960 ----a-w- c:\windows\apppatch\apihex86.dll

2012-07-08 19:25 . 2012-07-08 19:25 52736 ----a-w- c:\windows\apppatch\iebrshim.dll

2012-07-08 18:00 . 2012-07-08 18:00 2560 ----a-w- c:\windows\apppatch\AcRes.dll

2012-07-08 18:00 . 2012-07-08 18:00 537600 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-07-08 18:00 . 2012-07-08 18:00 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2012-07-08 18:00 . 2012-07-08 18:00 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll

2012-07-08 18:00 . 2012-07-08 18:00 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2012-06-14 22:20 . 2012-07-08 22:51 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-23 70792]

"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-03-15 744584]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2012-7-9 45056]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.mdg.ca

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\8nqeqz1p.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-09 21:57

Windows 6.0.6000 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1172)

c:\program files\Spybot - Search & Destroy\SDHelper.dll

.

Completion time: 2012-07-09 22:01:22

ComboFix-quarantined-files.txt 2012-07-10 02:01

ComboFix2.txt 2012-07-09 01:03

ComboFix3.txt 2012-07-09 00:40

.

Pre-Run: 51,930,812,416 bytes free

Post-Run: 51,828,146,176 bytes free

.

- - End Of File - - DC265D175DE3A13DF29881601FC3AE67

Thanks again,

Karen

I don't see that ComboFix deleted anything.

If you reboot, do you still experience issues? Which issues?

PS: I should probably mention that I reloaded the system software and reformatted the disk. When I ran the Malwarebytes full scan I still had this "Pum.hijack.StartMenu" malware appear.

When I try to open a program from the start menu or if I go to the C:/Program Files/a specific program... the message that comes up is "Illegal operation attempted on a registry key that has been marked for deletion."

Would you still like me to try rebooting?

Oh yes, and during the ComboFix scan the Outlook progress bar came up even though the program was not active. I was not connected to the internet and didn't touch the computer until it looked like ComboFix was complete.

I just tried to run DDS and I received the message "Illegal operation attempted on a registry key that has been marked for deletion."

Reboot and everything will be fine....

When did you format and reinstall Windows??

Do you use anything like Iolo System Mechanic?

I just rebooted. I appear to have my programs back. Thank you.

I re-installed Vista yesterday. No, I don't use Iolo System Mechanic. What kind of program is that?

I'll run the DDS now.

Hi Chris,

Here's the DDS.txt...

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6000.16982

Run by Karen at 22:59:29 on 2012-07-09

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2039.1156 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe

C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Synaptics\Scrybe\scrybe.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.mdg.ca

uInternet Settings,ProxyOverride = *.local

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"

mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scrybe.lnk - c:\windows\installer\{147dfad8-34c3-4de1-9fca-acefde9ef810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9DE7A134-F33D-4BCE-B454-7DB493DB99F2} : DhcpNameServer = 192.168.0.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\karen\appdata\roaming\mozilla\firefox\profiles\8nqeqz1p.default\

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-7-9 50312]

R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-7-9 42120]

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-8 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-8 353688]

R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-7-9 17032]

R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-7-9 187016]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-8 21256]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-8 57656]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-8 44808]

R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2012-7-9 61064]

R2 Guard Agent;Guard Agent;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-7-9 23176]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-7-9 1153368]

R2 ScrybeUpdater;Scrybe Updater;c:\program files\synaptics\scrybe\service\ScrybeUpdater.exe [2011-5-27 1300264]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-8 113120]

.

=============== Created Last 30 ================

.

2012-07-10 02:00:36 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-09 21:11:28 -------- d-----w- c:\users\karen\appdata\roaming\SumatraPDF

2012-07-09 21:11:20 -------- d-----w- c:\program files\SumatraPDF

2012-07-09 19:51:32 -------- d-----w- c:\users\karen\appdata\roaming\Synaptics

2012-07-09 19:46:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-07-09 19:46:17 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2012-07-09 19:45:29 -------- d-----w- c:\program files\iPod

2012-07-09 19:45:25 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2012-07-09 19:45:25 -------- d-----w- c:\program files\iTunes

2012-07-09 19:43:25 -------- d-----w- c:\users\karen\appdata\local\Apple

2012-07-09 19:40:26 -------- d-----w- c:\program files\Bonjour

2012-07-09 19:32:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-09 19:32:32 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-07-09 19:31:21 -------- d-----w- c:\program files\Unlocker

2012-07-09 19:28:47 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-07-09 19:28:47 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-07-09 19:25:17 -------- d-----w- c:\programdata\Synaptics

2012-07-09 19:25:17 -------- d-----w- c:\program files\Synaptics

2012-07-09 19:25:08 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-07-09 19:25:06 218408 ----a-w- c:\windows\system32\SynCtrl.dll

2012-07-09 19:25:06 173352 ----a-w- c:\windows\system32\SynTPAPI.dll

2012-07-09 19:25:06 173352 ----a-w- c:\windows\system32\SynCOM.dll

2012-07-09 19:25:06 120104 ----a-w- c:\windows\system32\SynTPCo9.dll

2012-07-09 19:25:05 1335472 ----a-w- c:\windows\system32\drivers\SynTP.sys

2012-07-09 19:24:20 -------- d-----w- c:\program files\PeaZip

2012-07-09 19:15:39 -------- d-----w- c:\users\karen\appdata\local\Macromedia

2012-07-09 19:14:57 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-09 19:14:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-09 18:24:02 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll

2012-07-09 18:24:02 28040 ----a-w- c:\windows\system32\mdimon.dll

2012-07-09 18:23:00 -------- d-----w- c:\program files\Microsoft ActiveSync

2012-07-09 18:21:32 -------- d-----w- c:\windows\PCHEALTH

2012-07-09 13:29:27 -------- d-----w- c:\program files\CCleaner

2012-07-09 13:26:58 187016 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys

2012-07-09 13:26:57 50312 ----a-w- c:\windows\system32\drivers\eubakup.sys

2012-07-09 13:26:57 17032 ----a-w- c:\windows\system32\drivers\eudskacs.sys

2012-07-09 13:26:55 42120 ----a-w- c:\windows\system32\drivers\EUBKMON.sys

2012-07-09 13:26:26 20616 ----a-w- c:\windows\system32\fbnative.exe

2012-07-09 13:25:40 -------- d-----w- c:\program files\EaseUS

2012-07-09 03:43:33 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-09 03:43:31 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-07-09 03:42:20 41224 ----a-w- c:\windows\avastSS.scr

2012-07-09 03:41:39 -------- d-----w- c:\programdata\AVAST Software

2012-07-09 03:41:39 -------- d-----w- c:\program files\AVAST Software

2012-07-09 02:33:22 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-09 02:33:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-09 01:03:47 -------- d-----w- c:\users\karen\appdata\local\temp

2012-07-09 00:33:41 98816 ----a-w- c:\windows\sed.exe

2012-07-09 00:33:41 518144 ----a-w- c:\windows\SWREG.exe

2012-07-09 00:33:41 256000 ----a-w- c:\windows\PEV.exe

2012-07-09 00:33:41 208896 ----a-w- c:\windows\MBR.exe

2012-07-08 23:58:50 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL

2012-07-08 21:56:55 -------- d-----w- c:\users\karen\appdata\roaming\Malwarebytes

2012-07-08 21:56:47 -------- d-----w- c:\programdata\Malwarebytes

2012-07-08 21:26:14 -------- d-sh--w- c:\windows\Installer

2012-07-08 20:50:45 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe

2012-07-08 20:50:44 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll

2012-07-08 20:50:44 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll

2012-07-08 20:50:44 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll

2012-07-08 20:49:07 80896 ----a-w- c:\windows\system32\MSNP.ax

2012-07-08 20:49:07 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax

2012-07-08 20:49:07 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2012-07-08 20:49:07 428032 ----a-w- c:\windows\system32\EncDec.dll

2012-07-08 20:49:07 292352 ----a-w- c:\windows\system32\psisdecd.dll

2012-07-08 20:49:07 217088 ----a-w- c:\windows\system32\psisrndr.ax

2012-07-08 20:49:07 177152 ----a-w- c:\windows\system32\mpg2splt.ax

2012-07-08 20:49:07 1244672 ----a-w- c:\windows\system32\mcmde.dll

2012-07-08 20:46:44 2048 ----a-w- c:\windows\system32\tzres.dll

2012-07-08 20:45:58 696832 ----a-w- c:\windows\system32\localspl.dll

2012-07-08 20:44:54 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys

2012-07-08 20:44:54 21560 ----a-w- c:\windows\system32\drivers\atapi.sys

2012-07-08 20:44:54 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys

2012-07-08 20:44:54 17464 ----a-w- c:\windows\system32\drivers\intelide.sys

2012-07-08 20:44:54 109624 ----a-w- c:\windows\system32\drivers\ataport.sys

2012-07-08 20:44:53 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys

2012-07-08 20:44:30 104448 ----a-w- c:\windows\system32\DWWIN.EXE

2012-07-08 20:44:05 2923520 ----a-w- c:\windows\explorer.exe

2012-07-08 20:43:32 171520 ----a-w- c:\windows\system32\wintrust.dll

2012-07-08 20:42:59 494592 ----a-w- c:\windows\system32\kerberos.dll

2012-07-08 20:42:58 272384 ----a-w- c:\windows\system32\schannel.dll

2012-07-08 20:38:01 1585664 ----a-w- c:\windows\system32\setupapi.dll

2012-07-08 20:36:24 549888 ----a-w- c:\windows\system32\rpcss.dll

2012-07-08 20:36:23 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2012-07-08 20:36:23 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe

2012-07-08 20:36:23 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2012-07-08 20:36:23 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll

2012-07-08 20:36:22 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll

2012-07-08 20:36:22 53248 ----a-w- c:\windows\system32\iasads.dll

2012-07-08 20:36:22 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll

2012-07-08 20:36:22 37888 ----a-w- c:\windows\system32\iasdatastore.dll

2012-07-08 20:36:22 158720 ----a-w- c:\windows\system32\sdohlp.dll

2012-07-08 20:36:21 97280 ----a-w- c:\windows\system32\iasrecst.dll

2012-07-08 20:35:49 62464 ----a-w- c:\windows\system32\l3codeca.acm

2012-07-08 20:35:49 220672 ----a-w- c:\windows\system32\l3codecp.acm

2012-07-08 20:34:52 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-07-08 20:34:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2012-07-08 20:34:52 22016 ----a-w- c:\windows\system32\netiougc.exe

2012-07-08 20:34:52 179712 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-07-08 20:34:52 167424 ----a-w- c:\windows\system32\tcpipcfg.dll

2012-07-08 20:34:52 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS

2012-07-08 20:34:25 82432 ----a-w- c:\windows\system32\drivers\sdbus.sys

2012-07-08 20:34:06 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll

2012-07-08 20:33:25 25600 ----a-w- c:\windows\system32\amxread.dll

2012-07-08 20:33:25 14848 ----a-w- c:\windows\system32\apilogen.dll

2012-07-08 20:32:56 33280 ----a-w- c:\windows\system32\slwmi.dll

2012-07-08 20:32:56 268288 ----a-w- c:\windows\system32\mcbuilder.exe

2012-07-08 20:32:56 223232 ----a-w- c:\windows\system32\SLC.dll

2012-07-08 20:32:55 57856 ----a-w- c:\windows\system32\SLUINotify.dll

2012-07-08 20:32:55 566784 ----a-w- c:\windows\system32\SLCommDlg.dll

2012-07-08 20:32:55 351232 ----a-w- c:\windows\system32\SLUI.exe

2012-07-08 20:32:55 2605568 ----a-w- c:\windows\system32\SLsvc.exe

2012-07-08 20:32:55 186368 ----a-w- c:\windows\system32\SLLUA.exe

2012-07-08 20:32:54 39936 ----a-w- c:\windows\system32\slcinst.dll

2012-07-08 20:32:24 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2012-07-08 20:32:23 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll

2012-07-08 20:32:23 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2012-07-08 20:31:42 97792 ----a-w- c:\windows\system32\cabview.dll

2012-07-08 20:30:42 61440 ----a-w- c:\windows\system32\ntprint.exe

2012-07-08 20:30:42 220160 ----a-w- c:\windows\system32\ntprint.dll

2012-07-08 20:30:41 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-07-08 20:30:41 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll

2012-07-08 20:30:40 1984512 ----a-w- c:\windows\system32\authui.dll

2012-07-08 20:30:39 69632 ----a-w- c:\windows\system32\sendmail.dll

2012-07-08 20:30:38 8138240 ----a-w- c:\windows\system32\ssBranded.scr

2012-07-08 20:29:58 441856 ----a-w- c:\windows\system32\win32spl.dll

2012-07-08 20:29:58 37376 ----a-w- c:\windows\system32\printcom.dll

2012-07-08 20:29:41 2031104 ----a-w- c:\windows\system32\win32k.sys

2012-07-08 20:29:25 14848 ----a-w- c:\windows\system32\wshrm.dll

2012-07-08 20:29:25 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys

2012-07-08 20:29:02 43520 ----a-w- c:\windows\system32\msdxm.tlb

2012-07-08 20:29:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2012-07-08 20:29:02 18432 ----a-w- c:\windows\system32\amcompat.tlb

2012-07-08 20:28:21 515584 ----a-w- c:\windows\system32\RMActivate.exe

2012-07-08 20:28:21 472576 ----a-w- c:\windows\system32\secproc.dll

2012-07-08 20:28:21 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2012-07-08 20:28:21 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2012-07-08 20:28:21 312320 ----a-w- c:\windows\system32\msdrm.dll

2012-07-08 20:28:21 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2012-07-08 20:28:21 154112 ----a-w- c:\windows\system32\secproc_ssp.dll

2012-07-08 20:28:20 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe

2012-07-08 20:28:20 473088 ----a-w- c:\windows\system32\secproc_isv.dll

2012-07-08 20:27:50 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll

2012-07-08 20:27:50 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe

2012-07-08 20:27:50 11776 ----a-w- c:\windows\system32\sbunattend.exe

2012-07-08 20:27:29 83968 ----a-w- c:\windows\system32\dnsrslvr.dll

2012-07-08 20:27:29 24576 ----a-w- c:\windows\system32\dnscacheugc.exe

2012-07-08 20:27:20 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys

2012-07-08 20:25:42 97800 ----a-w- c:\windows\system32\infocardapi.dll

2012-07-08 20:25:42 622080 ----a-w- c:\windows\system32\icardagt.exe

2012-07-08 20:25:42 37384 ----a-w- c:\windows\system32\infocardcpl.cpl

2012-07-08 20:25:42 11264 ----a-w- c:\windows\system32\icardres.dll

2012-07-08 20:25:39 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2012-07-08 20:25:38 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2012-07-08 20:25:38 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-07-08 20:25:38 326160 ----a-w- c:\windows\system32\PresentationHost.exe

2012-07-08 20:14:01 -------- d-----w- C:\Boot

2012-07-08 20:13:26 -------- d-----w- c:\windows\system32\OEM

2012-07-08 20:13:26 -------- d-----w- c:\windows\PANTHER

2012-07-08 19:44:20 -------- d-----w- c:\users\karen\appdata\local\Microsoft Games

2012-07-08 19:26:39 72704 ----a-w- c:\windows\system32\fontsub.dll

2012-07-08 19:26:39 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-07-08 19:26:39 289792 ----a-w- c:\windows\system32\atmfd.dll

2012-07-08 19:26:39 24064 ----a-w- c:\windows\system32\lpk.dll

2012-07-08 19:26:39 156672 ----a-w- c:\windows\system32\t2embed.dll

2012-07-08 19:26:39 10240 ----a-w- c:\windows\system32\dciman32.dll

2012-07-08 19:23:05 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll

2012-07-08 19:23:04 61440 ----a-w- c:\windows\system32\winipsec.dll

2012-07-08 19:23:04 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL

2012-07-08 19:23:04 272896 ----a-w- c:\windows\system32\polstore.dll

2012-07-08 19:21:20 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys

2012-07-08 19:21:20 306688 ----a-w- c:\windows\system32\drivers\srv.sys

2012-07-08 19:20:30 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2012-07-08 19:20:30 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2012-07-08 19:20:30 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2012-07-08 19:19:40 707072 ----a-w- c:\program files\common files\system\wab32.dll

2012-07-08 19:19:40 41984 ----a-w- c:\program files\windows mail\wabimp.dll

2012-07-08 19:19:40 39424 ----a-w- c:\windows\system32\ACCTRES.dll

2012-07-08 19:19:40 1098752 ----a-w- c:\program files\common files\system\wab32res.dll

2012-07-08 19:19:39 87040 ----a-w- c:\windows\system32\msoert2.dll

2012-07-08 19:19:39 2836992 ----a-w- c:\program files\windows mail\MSOERES.dll

2012-07-08 19:19:39 205824 ----a-w- c:\windows\system32\msoeacct.dll

2012-07-08 19:19:39 1614848 ----a-w- c:\program files\windows mail\msoe.dll

2012-07-08 19:19:36 397312 ----a-w- c:\program files\windows mail\WinMail.exe

2012-07-08 19:19:36 24064 ----a-w- c:\program files\common files\system\DirectDB.dll

2012-07-08 19:19:35 81408 ----a-w- c:\program files\windows mail\oeimport.dll

2012-07-08 19:18:28 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2012-07-08 19:18:28 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2012-07-08 19:18:28 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2012-07-08 19:18:28 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2012-07-08 19:18:28 15360 ----a-w- c:\windows\system32\netevent.dll

2012-07-08 19:18:28 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2012-07-08 19:18:28 103936 ----a-w- c:\windows\system32\netiohlp.dll

2012-07-08 19:18:28 10240 ----a-w- c:\windows\system32\finger.exe

2012-07-08 19:18:27 19968 ----a-w- c:\windows\system32\ARP.EXE

2012-07-08 19:18:26 213592 ----a-w- c:\windows\system32\drivers\netio.sys

2012-07-08 19:17:14 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr

2012-07-08 19:17:14 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll

2012-07-08 19:17:13 258232 ----a-w- c:\windows\system32\drivers\acpi.sys

2012-07-08 19:17:13 24064 ----a-w- c:\windows\system32\wtsapi32.dll

2012-07-08 19:17:13 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys

2012-07-08 19:17:12 28344 ----a-w- c:\windows\system32\drivers\battc.sys

2012-07-08 19:17:12 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys

2012-07-08 19:17:11 542720 ----a-w- c:\windows\system32\sysmain.dll

2012-07-08 19:16:26 194560 ----a-w- c:\windows\system32\WebClnt.dll

2012-07-08 19:16:26 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2012-07-08 19:15:41 67584 ----a-w- c:\windows\system32\wlanhlp.dll

2012-07-08 19:15:41 47104 ----a-w- c:\windows\system32\wlanapi.dll

2012-07-08 19:15:41 123904 ----a-w- c:\windows\system32\L2SecHC.dll

2012-07-08 19:15:40 502272 ----a-w- c:\windows\system32\wlansvc.dll

2012-07-08 19:15:40 297984 ----a-w- c:\windows\system32\wlansec.dll

2012-07-08 19:15:40 290816 ----a-w- c:\windows\system32\wlanmsm.dll

2012-07-08 19:14:43 2048 ----a-w- c:\windows\system32\msxml6r.dll

2012-07-08 19:14:43 2048 ----a-w- c:\windows\system32\msxml3r.dll

2012-07-08 19:14:43 1406464 ----a-w- c:\windows\system32\msxml6.dll

2012-07-08 19:14:43 1260032 ----a-w- c:\windows\system32\msxml3.dll

2012-07-08 19:13:46 7680 ----a-w- c:\windows\system32\lsass.exe

2012-07-08 19:13:46 72704 ----a-w- c:\windows\system32\secur32.dll

2012-07-08 19:13:46 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-08 19:13:46 216576 ----a-w- c:\windows\system32\msv1_0.dll

2012-07-08 19:13:46 175104 ----a-w- c:\windows\system32\wdigest.dll

2012-07-08 19:13:46 1233920 ----a-w- c:\windows\system32\lsasrv.dll

2012-07-08 19:12:54 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2012-07-08 19:12:54 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2012-07-08 19:12:54 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2012-07-08 19:12:12 49664 ----a-w- c:\windows\system32\csrsrv.dll

2012-07-08 19:12:11 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-07-08 19:11:26 2855424 ----a-w- c:\windows\system32\mf.dll

2012-07-08 19:11:25 98816 ----a-w- c:\windows\system32\mfps.dll

2012-07-08 19:11:25 52736 ----a-w- c:\windows\system32\rrinstaller.exe

2012-07-08 19:11:25 24576 ----a-w- c:\windows\system32\mfpmp.exe

2012-07-08 19:11:25 2048 ----a-w- c:\windows\system32\mferror.dll

2012-07-08 19:10:31 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-07-08 19:10:31 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-07-08 19:08:22 376832 ----a-w- c:\windows\system32\winhttp.dll

2012-07-08 19:07:37 434176 ----a-w- c:\windows\system32\vbscript.dll

2012-07-08 19:06:51 71680 ----a-w- c:\windows\system32\atl.dll

2012-07-08 19:05:29 297472 ----a-w- c:\windows\system32\gdi32.dll

2012-07-08 19:04:48 41984 ----a-w- c:\windows\system32\drivers\monitor.sys

2012-07-08 19:04:48 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-07-08 19:03:06 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll

2012-07-08 19:02:27 500736 ----a-w- c:\windows\system32\msdtcprx.dll

2012-07-08 19:02:27 30208 ----a-w- c:\windows\system32\xolehlp.dll

2012-07-08 19:01:43 156160 ----a-w- c:\windows\system32\wkssvc.dll

2012-07-08 19:00:03 36352 ----a-w- c:\windows\system32\tsgqec.dll

2012-07-08 19:00:03 116736 ----a-w- c:\windows\system32\aaclient.dll

2012-07-08 19:00:02 1871872 ----a-w- c:\windows\system32\mstscax.dll

2012-07-08 18:59:12 303616 ----a-w- c:\windows\system32\wmpeffects.dll

2012-07-08 18:57:47 414208 ----a-w- c:\windows\system32\msscp.dll

2012-07-08 18:57:07 713728 ----a-w- c:\windows\system32\timedate.cpl

2012-07-08 18:56:20 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll

2012-07-08 18:55:32 86016 ----a-w- c:\windows\system32\icfupgd.dll

2012-07-08 18:55:32 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys

2012-07-08 18:55:32 396800 ----a-w- c:\windows\system32\MPSSVC.dll

2012-07-08 18:55:32 392192 ----a-w- c:\windows\system32\FirewallAPI.dll

2012-07-08 18:55:31 61952 ----a-w- c:\windows\system32\cmifw.dll

2012-07-08 18:55:31 16896 ----a-w- c:\windows\system32\wfapigp.dll

2012-07-08 18:49:48 8704 ----a-w- c:\windows\system32\hcrstco.dll

2012-07-08 18:49:48 8704 ----a-w- c:\windows\system32\hccoin.dll

2012-07-08 18:49:48 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2012-07-08 18:49:48 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2012-07-08 18:49:48 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys

2012-07-08 18:49:48 23040 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2012-07-08 18:49:48 224768 ----a-w- c:\windows\system32\drivers\usbport.sys

2012-07-08 18:49:48 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys

2012-07-08 18:47:25 24064 ----a-w- c:\windows\system32\netcfg.exe

2012-07-08 18:39:54 9728 ----a-w- c:\windows\system32\LAPRXY.DLL

2012-07-08 18:39:54 223232 ----a-w- c:\windows\system32\WMASF.DLL

2012-07-08 18:39:54 2048 ----a-w- c:\windows\system32\asferror.dll

2012-07-08 18:33:00 2565432 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2012-07-08 18:32:30 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4b2b4340-9321-46d3-bd33-43192b504cdd}\mpengine.dll

2012-07-08 18:32:29 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-07-08 18:15:34 96760 ----a-w- c:\windows\system32\dfshim.dll

2012-07-08 18:15:34 41984 ----a-w- c:\windows\system32\netfxperf.dll

2012-07-08 18:15:33 282112 ----a-w- c:\windows\system32\mscoree.dll

2012-07-08 18:15:32 83968 ----a-w- c:\windows\system32\mscories.dll

2012-07-08 18:15:32 158720 ----a-w- c:\windows\system32\mscorier.dll

2012-07-08 18:00:20 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2012-07-08 18:00:18 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2012-07-08 18:00:18 1686528 ----a-w- c:\windows\system32\gameux.dll

2012-07-08 17:59:42 996352 ----a-w- c:\windows\system32\WMNetMgr.dll

2012-07-08 17:59:42 94720 ----a-w- c:\windows\system32\logagent.exe

2012-07-08 17:59:09 765952 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2012-07-08 17:58:55 84480 ----a-w- c:\windows\system32\INETRES.dll

2012-07-08 17:58:55 737792 ----a-w- c:\windows\system32\inetcomm.dll

2012-07-08 17:58:32 60928 ----a-w- c:\windows\system32\msasn1.dll

2012-07-08 17:58:11 1645568 ----a-w- c:\windows\system32\connect.dll

2012-07-08 17:57:53 5120 ----a-w- c:\windows\system32\wmi.dll

2012-07-08 17:57:53 152576 ----a-w- c:\windows\system32\imagehlp.dll

2012-07-08 17:57:53 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-07-08 17:57:35 788992 ----a-w- c:\windows\system32\rpcrt4.dll

2012-07-08 17:56:55 396800 ----a-w- c:\windows\system32\drivers\http.sys

2012-07-08 17:56:55 31232 ----a-w- c:\windows\system32\httpapi.dll

2012-07-08 17:56:55 24064 ----a-w- c:\windows\system32\nshhttp.dll

2012-07-08 17:55:15 130048 ----a-w- c:\windows\system32\drivers\srv2.sys

2012-07-08 17:54:52 974336 ----a-w- c:\windows\system32\crypt32.dll

2012-07-08 17:54:39 274432 ----a-w- c:\windows\system32\raschap.dll

2012-07-08 17:54:38 232960 ----a-w- c:\windows\system32\rastls.dll

2012-07-08 17:54:19 321536 ----a-w- c:\windows\system32\WSDApi.dll

2012-07-08 17:54:00 633856 ----a-w- c:\windows\system32\user32.dll

2012-07-08 17:53:00 88576 ----a-w- c:\windows\system32\avifil32.dll

2012-07-08 17:53:00 82944 ----a-w- c:\windows\system32\mciavi32.dll

2012-07-08 17:53:00 65024 ----a-w- c:\windows\system32\avicap32.dll

2012-07-08 17:53:00 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2012-07-08 17:53:00 22528 ----a-w- c:\windows\system32\msyuv.dll

2012-07-08 17:53:00 1327616 ----a-w- c:\windows\system32\quartz.dll

2012-07-08 17:53:00 123904 ----a-w- c:\windows\system32\msvfw32.dll

2012-07-08 17:53:00 11776 ----a-w- c:\windows\system32\tsbyuv.dll

.

==================== Find3M ====================

.

2012-07-08 20:37:40 5632 ----a-w- c:\windows\system32\drivers\en-us\sermouse.sys.mui

2012-07-08 20:33:25 40960 ----a-w- c:\windows\apppatch\apihex86.dll

2012-07-08 19:25:03 72704 ----a-w- c:\windows\system32\admparse.dll

2012-07-08 19:25:02 832512 ----a-w- c:\windows\system32\wininet.dll

2012-07-08 19:25:02 52736 ----a-w- c:\windows\apppatch\iebrshim.dll

2012-07-08 19:24:58 78336 ----a-w- c:\windows\system32\ieencode.dll

2012-07-08 19:24:58 389120 ----a-w- c:\windows\system32\html.iec

2012-07-08 19:24:57 48128 ----a-w- c:\windows\system32\mshtmler.dll

2012-07-08 19:24:56 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2012-07-08 19:24:54 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-08 19:24:52 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2012-07-08 19:24:50 56320 ----a-w- c:\windows\system32\iesetup.dll

2012-07-08 18:00:20 2560 ----a-w- c:\windows\apppatch\AcRes.dll

2012-07-08 18:00:19 537600 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-07-08 18:00:19 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2012-07-08 18:00:19 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll

2012-07-08 18:00:19 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2012-07-08 17:52:59 31232 ----a-w- c:\windows\system32\msvidc32.dll

2012-07-08 17:52:59 13312 ----a-w- c:\windows\system32\msrle32.dll

2012-07-08 17:52:41 750080 ----a-w- c:\windows\system32\qmgr.dll

2012-07-08 17:52:28 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2012-07-08 17:52:05 8147968 ----a-w- c:\windows\system32\wmploc.DLL

2012-07-08 17:52:03 7680 ----a-w- c:\windows\system32\spwmp.dll

2012-07-08 17:52:03 4096 ----a-w- c:\windows\system32\dxmasf.dll

2012-07-08 17:52:02 4096 ----a-w- c:\windows\system32\msdxm.ocx

2012-07-08 17:52:00 311296 ----a-w- c:\windows\system32\unregmp2.exe

.

============= FINISH: 22:59:59.74 ===============


The Attach.txt looks really bad. There are a ton of Windows updates that haven't been updated.

It's too long to post.

Would you like me to zip it?


No, don't worry about it. I'm pretty sure TeaTimer is to blame. Either uninstall Spybot or have MBAM ignore those two detections.

Is there anything else I can help with?


Thanks for looking at this; however, when I do a full scan it still comes up that the computer is infected with "PUM.hijack.StartMenu"... so I still have this problem.

Do you know if "PUM.hijack.StartMenu" infects my files? Can I infect others with this trojan through file exchange?


It's not a trojan. PUM means "potentially unwanted modification." There's a program (likely TeaTimer) that keeps restoring it.

It is not a trojan.

Feel free to have MBAM ignore it.


Are you still with us? This topic will be closed in a few days if we do not hear back from you.


Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
