Author Topic: [Resolved] Anti-virus removal tool problem  (Read 2404 times)


Offline Dugditches

  • Bronze Member
  • Posts: 11
[Resolved] Anti-virus removal tool problem
« on: January 31, 2012, 09:20:27 pm »
I used a fake anti-virus removal program from Trend Micro to remove a virus. It removed most of the problem, but all the icons are faded on my desktop and it shows all folders are empty even though there are files in the folders. I ran a HijackThis log and here are the results.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:25:19 PM, on 1/31/2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Chris\AppData\Roaming\mjusbsp\magicJack.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Users\Chris\Desktop\HijackThis.exe
C:\Windows\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Avery Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PrintUtil] C:\Program Files\HP\HP Print Utility\PrintUtil.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdloader] "C:\Users\Chris\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: *.coursecompass.com
O15 - Trusted Zone: *.mathxl.com
O15 - Trusted Zone: *.pearsoncmg.com
O15 - Trusted Zone: *.pearsoned.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca59bdb920dd94) (gupdate1ca59bdb920dd94) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 13334 bytes

Any help to fix this problem would be of great help. Thanks.
« Last Edit: January 31, 2012, 09:35:12 pm by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25000
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Anti-virus removal tool problem
« Reply #1 on: January 31, 2012, 09:38:39 pm »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem. Also tell me any other problems you are having, no matter how small or how long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.


First, you say you used a fake removal tool from TrendMicro? Can you tell me what you used? Were any logs generated? If there were please post it as well.

Also please read this, [NEW Instructions!] What Do I Do First? and post the logs up in this thread.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Dugditches

  • Bronze Member
  • Posts: 11
Re: [In Progress] Anti-virus removal tool problem
« Reply #2 on: February 01, 2012, 07:40:23 pm »
Hello Hoov, I want to start out by thanking you for your help. My name is Chris and I will do my part to fix this problem. The Trend Micro removal program link was http://esupport.trendmicro.com/solution/en-us/1056510.aspx

The HijackThis log I posted has had the following entries deleted:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Avery Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
That is the extent of attempted repairs. This is my personal home computer. The biggest problem now is that the desktop icons that were there before the virus are now faded and the folders will say they are empty even though I can open files from that folder. (I hope that makes sense.) It acts like it can't read the folders but you can still open the files. I don't remember the exact wording that the virus said, but the only thing that would open up was Internet Explorer (it was the only icon left on the desktop); then it would open up 10 to 12 windows of the virus heading and would slow down the computer every time I tried to do something. I lost all of my favorites on Internet Explorer. I have been using my laptop lately, so I cannot tell you if there is anything else wrong. Here are the logs you asked me to generate.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/17/2007 5:08:38 AM
System Uptime: 2/1/2012 7:39:50 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0RY206
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2  | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 38.364 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.801 GiB free.
E: is CDROM ()
G: is CDROM (CDFS)
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
==== System Restore Points ===================
.
RP726: 1/31/2012 10:29:55 PM - Windows Vista™ Service Pack 2
.
==== Installed Programs ======================
.
.
 Update for Microsoft Office 2007 (KB2508958)
2350
2350_Help
2350Trb
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.5
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Software Update
Ask Toolbar
AT&T Toolbar
ATT-PRT22
Audacity 1.2.6
Audacity 1.3.12 (Unicode)
Audible Download Manager
BellSouth Application Management
Bonjour
BufferChm
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG5200 series MP Drivers
Canon MG5200 series User Registration
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Copy
CustomerResearchQFolder
Dell DataSafe Online
Dell Getting Started Guide
Dell Resource CD
Dell Support Center
DesignPro 5
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
eSupportQFolder
EuroTalk Talk Now!
FastAccess® DSL Help Center 4.3
Fax
Google Chrome
Google Desktop
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Print Diagnostic Utility
HP Product Assistant
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
InstallMgr
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 17
LAME v3.98.2 for Audacity
Logitech Desktop Messenger
Logitech MouseWare 9.14
Logitech QuickCam Driver Package
Logitech Updater
Logitech User's Guide
Logitech Webcam Software
magicJack
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.17)
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
NVIDIA Drivers
NVIDIANetworkDiagnostic
OGA Notifier 2.0.0048.0
Pamela Basic 4.6
PCI SoftV92 Modem
Product Documentation Launcher
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
RTC Client API v1.2
Safari
SanDisk Cruzer v1.0
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Click to Call
Skype™ 5.5
SolutionCenter
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 9
Status
Toolbox
TrayApp
Trend Micro Titanium Internet Security
Trend Micro™ Titanium™ Internet Security
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guides
Viewpoint Media Player
VLC media player 1.1.3
WebReg
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
Windows Mobile Device Center Driver Update
Yahoo! BrowserPlus 2.9.8
Yahoo! Music Jukebox
.
==== Event Viewer Messages From Past Week ========
.
2/1/2012 7:42:35 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  lmoufltr
2/1/2012 7:42:34 PM, Error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
2/1/2012 7:42:05 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/1/2012 7:41:55 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/1/2012 7:41:50 PM, Error: Service Control Manager [7000]  - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:  The system cannot find the file specified.
2/1/2012 7:41:50 PM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/1/2012 7:40:55 PM, Error: i8042prt [26]  - Exceeded the allowable number of retries (configurable via the registry) for the PS/2 keyboard device.
2/1/2012 7:40:17 PM, Error: i8042prt [15]  -
.
==== End Of File ===========================

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088  BrowserJavaVersion: 1.6.0_17
Run by Chris at 19:52:26 on 2012-02-01
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1982.738 [GMT -5:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/
uSearch Bar = hxxp://home.peoplepc.com/search
mStart Page = about:blank
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Accelerator Plugin: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\progra~1\people~1\PRPL_I~1.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\chris\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [cdloader] "c:\users\chris\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [PrintUtil] c:\program files\hp\hp print utility\PrintUtil.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [HelpCenter4.1] c:\program files\fastaccessdsl\helpcenter43\bin\sprtcmd.exe /P HelpCenter4.1
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: coursecompass.com
Trusted Zone: mathxl.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F2FD65-4CA1-4E1E-BE81-A2D0A7C4D9CC} - hxxp://esupport.trendmicro.com/media/srf/GetVBInfo.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C817AD60-CE3D-4AAF-9151-A5572DA000E1} : DhcpNameServer = 192.168.1.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\yqhpwu8i.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1079\firefoxextension\components\TmFFExt.dll
FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\yqhpwu8i.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\yqhpwu8i.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\chris\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\users\chris\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\chris\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\chris\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 lkbdfltr;Logitech Keyboard Class Filter Driver;c:\windows\system32\drivers\LKBDFLTR.SYS [2008-1-20 4240]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-2-26 188272]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-2-26 64080]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-3-23 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-9-14 19968]
S1 lmoufltr;Logitech Mouse Class Filter Driver;c:\windows\system32\drivers\LMOUFLTR.SYS [2008-1-20 58592]
S1 lsermous;Logitech Serial Mouse Driver;c:\windows\system32\drivers\LSERMOUS.SYS [2008-1-20 58736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca59bdb920dd94;Google Update Service (gupdate1ca59bdb920dd94);c:\program files\google\update\GoogleUpdate.exe [2009-10-30 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-17 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-30 133104]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
.
=============== Created Last 30 ================
.
2012-02-01 03:49:56   --------   d-----w-   c:\windows\system32\eu-ES
2012-02-01 03:49:56   --------   d-----w-   c:\windows\system32\ca-ES
2012-02-01 03:49:55   --------   d-----w-   c:\windows\system32\vi-VN
2012-02-01 03:28:14   --------   d-----w-   c:\windows\system32\EventProviders
.
==================== Find3M  ====================
.
.
============= FINISH: 19:54:32.26 ===============
I do not have encryption software for the hard drive. Please let me know if you need anything else. Thanks, Chris

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25000
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Anti-virus removal tool problem
« Reply #3 on: February 01, 2012, 08:10:16 pm »
Please download Rkill by Grinler and save it to your desktop.
    Link 2
    Link 3
    Link 4

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.



    Download the following program to your desktop:

    Unhide tool

    Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
    Please be patient as this may take several minutes to run; it will scan and fix all hard drives on your system. You will see a new window with the drive being processed, typically C:\ as below:



    Changing as the next drive is processed as below:



    You will get a success alert at the end.

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2

    MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
      • Then click Finish.
      MBAM will automatically start and you will be asked to update the program before performing a scan.
      • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
      • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
      On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
      • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
      • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
      • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
      • Click OK to close the message box and continue with the removal process.
      Back at the main Scanner screen:
      • Click on the Show Results button to see a list of any malware that was found.
      • Make sure that everything is checked, and click Remove Selected.
      • When removal is completed, a log report will open in Notepad.
      • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
      • Exit MBAM when done.
      Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

      Now Re-boot and see if your files are present and the icons look correct again. Let me know how it went.

      Consumer Security

      If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!
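An added example, not part of Hoov's post and not Unhide's own code: a PowerShell script that records which items carry the Hidden attribute before clearing it, so that files hidden on purpose can be re-hidden afterwards. The function name, parameters, report path and the choice to skip items that also carry the System attribute are assumptions of this example.

```powershell
# Added example: not Unhide's code. Names, parameters and the report path are
# hypothetical. Report-only by default; pass -Fix to clear the Hidden attribute.
[CmdletBinding()]
param(
    [string]$Root   = $env:USERPROFILE,
    [string]$Report = (Join-Path $env:TEMP 'hidden-items-before.csv'),
    [switch]$Fix
)

$Hidden = [System.IO.FileAttributes]::Hidden
$System = [System.IO.FileAttributes]::System

function Get-HiddenUserItem {
    param([Parameter(Mandatory = $true)][string]$Path)

    # -Force makes Get-ChildItem return hidden and system items as well.
    # Assumption of this example: items that are Hidden AND System are
    # OS-protected (desktop.ini, profile junctions) and are left alone.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            (($_.Attributes -band $Hidden) -eq $Hidden) -and
            (($_.Attributes -band $System) -ne $System)
        }
}

$items = @(Get-HiddenUserItem -Path $Root)

# Save the "before" state first, so anything hidden on purpose can be re-hidden.
# Folders Windows hides by default without the System flag (AppData, for
# example) also show up here; the CSV is the record for putting them back.
$items |
    Select-Object FullName, Attributes, LastWriteTime |
    Export-Csv -Path $Report -NoTypeInformation

$folders = @($items | Where-Object { $_.PSIsContainer }).Count
$summary = "{0} hidden item(s) under {1} ({2} folders, {3} files); list saved to {4}"
$summary -f $items.Count, $Root, $folders, ($items.Count - $folders), $Report

if (-not $Fix) {
    'Report only. Re-run with -Fix to clear the Hidden attribute on these items.'
    return
}

$failed = 0
foreach ($item in $items) {
    try {
        # Hidden is known to be set on every item here, so XOR clears only that bit.
        $item.Attributes = $item.Attributes -bxor $Hidden
    } catch {
        $failed++
        Write-Warning ("Could not update {0}: {1}" -f $item.FullName, $_.Exception.Message)
    }
}
"Cleared Hidden on {0} item(s); {1} failed." -f ($items.Count - $failed), $failed
```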

      Offline Dugditches

      • Bronze Member
      • Posts: 11
      Re: [In Progress] Anti-virus removal tool problem
      « Reply #4 on: February 02, 2012, 08:57:10 pm »
      Hoov, the icons are not faded anymore and things look back to normal now. Here is a copy of the MBAM log.
      Malwarebytes Anti-Malware (Trial) 1.60.1.1000
      www.malwarebytes.org

      Database version: v2012.02.03.02

      Windows Vista Service Pack 2 x86 NTFS
      Internet Explorer 8.0.6001.19088
      Chris :: CHRIS-PC [administrator]

      Protection: Enabled

      2/2/2012 8:59:50 PM
      mbam-log-2012-02-02 (20-59-50).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 185126
      Time elapsed: 17 minute(s), 16 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 13
      HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883} (Adware.GameVance) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 2
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 5
      c:\users\chris\appdata\local\temp\ae26.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      c:\users\chris\appdata\local\temp\juhnjqqhwtp1nz.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
      c:\users\chris\appdata\local\temp\softwareupdate.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      c:\users\chris\appdata\local\temp\7shxshpnrsoqme.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
      c:\users\chris\appdata\local\temp\135.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

      (end)
      Thank you very much for the help. Is there anything else you think I need to do?
      Thanks,
      Chris

      Offline Hoov

      • Malware Removal Mentors
      • Global Moderator
      • Diamond Member
      • Posts: 25000
      • Unwilling part owner of Gov't. Motors and Chrysler
        • Hoov's Personal Site
      Re: [In Progress] Anti-virus removal tool problem
      « Reply #5 on: February 02, 2012, 09:01:03 pm »
      I know you are happy about the problem appearing to be gone, but I would like you to use your computer normally for 24 hrs. During that time, reboot a couple of times. Also make sure you can get into all the system areas like the Task Manager and command prompt and the like. If all is still well tomorrow evening, we can do some cleanup and call this done.

      Offline Dugditches

      • Bronze Member
      • Posts: 11
      Re: [In Progress] Anti-virus removal tool problem
      « Reply #6 on: February 03, 2012, 07:24:52 pm »
      I turned on the computer tonight and everything was working fine. I then rebooted and when the desktop re-appeared I could not do anything. I could not even bring up the task manager using alt ctrl del. I had to turn off the machine and reboot again. This time everything seems to be working fine. There seems to be a bug in it since that has never happened before. I have been able to bring up command prompt and task manager and programs seem to operate normally. I am a wildland firefighter for the State of Florida and I can be out late or gone for several days at a time. I will follow this to the end but I might not be able to follow up every day. If I have a delay I will do my best to let you know.
      Thanks
      Chris

      Offline Hoov

      • Malware Removal Mentors
      • Global Moderator
      • Diamond Member
      • Posts: 25000
      • Unwilling part owner of Gov't. Motors and Chrysler
        • Hoov's Personal Site
      Re: [In Progress] Anti-virus removal tool problem
      « Reply #7 on: February 03, 2012, 07:37:53 pm »
      You have let me know already. I understand how the whole wildfire issue can be, especially if your winter has been as dry as our winter in my part of Michigan. I almost need to mow the lawn and have only used the snowblower twice this winter. We have had a grand total of 8 inches of snow, and it's almost gone right now.

      Back to the computer. If you do a cold start to the computer it works fine, but if you do a hot reboot (don't turn off the power) it has problems?

      Offline Dugditches

      • Bronze Member
      • Posts: 11
      Re: [In Progress] Anti-virus removal tool problem
      « Reply #8 on: February 04, 2012, 06:01:59 pm »
      I am originally from Minnesota so I understand the lack of snow. As far as the computer goes I have the same problem from a cold start also. It froze on me tonight from a cold start and worked after having to kill the power. So it happens either from a hot reboot or a cold start.

      Offline Hoov

      • Malware Removal Mentors
      • Global Moderator
      • Diamond Member
      • Posts: 25000
      • Unwilling part owner of Gov't. Motors and Chrysler
        • Hoov's Personal Site
      Re: [In Progress] Anti-virus removal tool problem
      « Reply #9 on: February 04, 2012, 06:14:19 pm »
      * Anyone other than the originator of this thread, you would be best advised to not run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

      Run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

      http://www.bleepingcomputer.com/combofix/how-to-use-combofix

      * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

      Please include the C:\ComboFix.txt in your next reply for further review.

      Note:
      Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

      Offline Dugditches

      • Bronze Member
      • Posts: 11
      Re: [In Progress] Anti-virus removal tool problem
      « Reply #10 on: February 04, 2012, 07:08:56 pm »
      Just finished with combofix. Here is the log that was generated. I will try to use the computer and try several reboots and cold starts and let you know how it is working.
      ComboFix 12-02-05.01 - Chris 02/04/2012  19:37:00.1.2 - x86
      Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1982.794 [GMT -5:00]
      Running from: c:\users\Chris\Desktop\ComboFix.exe
      AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
      SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files\INSTALL.LOG
      c:\users\Chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
      c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
      c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
      c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
      c:\windows\bwUnin-8.1.1.50-8876480SL.exe
      c:\windows\bwUnin-8.1.1.87-8876480SL.exe
      c:\windows\security\Database\tmp.edb
      c:\windows\system32\PPCOUNIN.tmp
      c:\windows\TEMP\logishrd\LVPrcInj03.dll
      .
      .
      (((((((((((((((((((((((((   Files Created from 2012-01-05 to 2012-02-05  )))))))))))))))))))))))))))))))
      .
      .
      2012-02-05 00:44 . 2012-02-05 00:44   --------   d-----w-   c:\users\Default\AppData\Local\temp
      2012-02-03 22:16 . 2012-02-03 22:16   --------   d-----w-   c:\program files\Windows Portable Devices
      2012-02-03 03:33 . 2009-09-25 02:04   321024   ----a-w-   c:\windows\system32\PhotoMetadataHandler.dll
      2012-02-03 03:33 . 2009-09-25 01:33   195584   ----a-w-   c:\windows\system32\dxdiagn.dll
      2012-02-03 03:33 . 2009-09-25 01:32   252928   ----a-w-   c:\windows\system32\dxdiag.exe
      2012-02-03 03:33 . 2009-09-25 01:31   519680   ----a-w-   c:\windows\system32\d3d11.dll
      2012-02-03 03:32 . 2009-10-01 01:02   31232   ----a-w-   c:\windows\system32\BthMtpContextHandler.dll
      2012-02-03 03:32 . 2009-10-01 01:01   60928   ----a-w-   c:\windows\system32\PortableDeviceConnectApi.dll
      2012-02-03 03:32 . 2009-10-01 01:02   334848   ----a-w-   c:\windows\system32\PortableDeviceApi.dll
      2012-02-03 03:32 . 2009-10-01 01:01   160256   ----a-w-   c:\windows\system32\PortableDeviceTypes.dll
      2012-02-03 03:32 . 2009-10-01 01:01   196608   ----a-w-   c:\windows\system32\PortableDeviceWMDRM.dll
      2012-02-03 03:32 . 2009-10-01 01:01   100864   ----a-w-   c:\windows\system32\PortableDeviceClassExtension.dll
      2012-02-03 01:58 . 2012-02-03 01:58   --------   d-----w-   c:\users\Chris\AppData\Roaming\Malwarebytes
      2012-02-03 01:57 . 2012-02-03 01:57   --------   d-----w-   c:\programdata\Malwarebytes
      2012-02-03 01:57 . 2012-02-03 01:58   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2012-02-03 01:57 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2012-02-02 00:22 . 2011-10-27 08:01   3602816   ----a-w-   c:\windows\system32\ntkrnlpa.exe
      2012-02-02 00:22 . 2011-10-27 08:01   3550080   ----a-w-   c:\windows\system32\ntoskrnl.exe
      2012-02-02 00:22 . 2011-07-29 16:01   293376   ----a-w-   c:\windows\system32\psisdecd.dll
      2012-02-02 00:22 . 2011-07-29 16:01   217088   ----a-w-   c:\windows\system32\psisrndr.ax
      2012-02-02 00:22 . 2011-07-29 16:00   69632   ----a-w-   c:\windows\system32\Mpeg2Data.ax
      2012-02-02 00:22 . 2011-07-29 16:00   57856   ----a-w-   c:\windows\system32\MSDvbNP.ax
      2012-02-02 00:22 . 2011-10-14 16:00   23552   ----a-w-   c:\windows\system32\mciseq.dll
      2012-02-02 00:22 . 2011-11-18 20:23   1205064   ----a-w-   c:\windows\system32\ntdll.dll
      2012-02-02 00:20 . 2011-11-18 17:47   66560   ----a-w-   c:\windows\system32\packager.dll
      2012-02-02 00:20 . 2011-12-01 15:21   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
      2012-02-02 00:20 . 2011-09-20 21:02   905088   ----a-w-   c:\windows\system32\drivers\tcpip.sys
      2012-02-02 00:19 . 2011-10-25 15:56   49152   ----a-w-   c:\windows\system32\csrsrv.dll
      2012-02-02 00:19 . 2011-10-25 15:58   1314816   ----a-w-   c:\windows\system32\quartz.dll
      2012-02-02 00:19 . 2011-10-25 15:58   497152   ----a-w-   c:\windows\system32\qdvd.dll
      2012-02-02 00:19 . 2011-11-17 06:48   440192   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
      2012-02-02 00:19 . 2011-11-16 16:23   278528   ----a-w-   c:\windows\system32\schannel.dll
      2012-02-02 00:19 . 2011-11-16 16:23   72704   ----a-w-   c:\windows\system32\secur32.dll
      2012-02-02 00:19 . 2011-11-16 16:21   1259008   ----a-w-   c:\windows\system32\lsasrv.dll
      2012-02-02 00:19 . 2011-11-16 14:12   9728   ----a-w-   c:\windows\system32\lsass.exe
      2012-02-02 00:17 . 2011-09-30 15:57   707584   ----a-w-   c:\program files\Common Files\System\wab32.dll
      2012-02-02 00:16 . 2010-05-04 19:13   231424   ----a-w-   c:\windows\system32\msshsq.dll
      2012-02-01 03:49 . 2012-02-01 03:50   --------   d-----w-   c:\windows\system32\ca-ES
      2012-02-01 03:49 . 2012-02-01 03:50   --------   d-----w-   c:\windows\system32\eu-ES
      2012-02-01 03:28 . 2012-02-01 03:28   --------   d-----w-   c:\windows\system32\EventProviders
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-11-25 15:59 . 2012-02-02 00:20   376320   ----a-w-   c:\windows\system32\winsrv.dll
      2011-11-23 13:37 . 2012-02-02 00:19   2043904   ----a-w-   c:\windows\system32\win32k.sys
      2011-11-16 16:23 . 2012-02-02 00:19   377344   ----a-w-   c:\windows\system32\winhttp.dll
      2011-11-08 14:42 . 2012-02-02 00:19   2048   ----a-w-   c:\windows\system32\tzres.dll
      2009-10-29 00:41 . 2009-10-29 00:41   119808   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
      "cdloader"="c:\users\Chris\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
      "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
      "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
      "RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
      "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
      "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-20 30192]
      "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2000-08-24 33792]
      "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
      "PrintUtil"="c:\program files\HP\HP Print Utility\PrintUtil.exe" [2008-01-02 663552]
      "HelpCenter4.1"="c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe" [2007-04-13 198184]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
      "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
      "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
      "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-09-11 149280]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
      "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
      "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
      "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
      "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
      "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]
      "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
      .
      [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
      path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
      backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
      backupExtension=.CommonStartup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
      2008-10-25 15:44   31072   ----a-w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
      .
      S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - WS2IFSL
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bthsvcs   REG_MULTI_SZ      BthServ
      WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
      LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr
      HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
      LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 00:04]
      .
      2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 00:04]
      .
      2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104248684-2570157926-3402071037-1000Core.job
      - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-16 21:12]
      .
      2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4104248684-2570157926-3402071037-1000UA.job
      - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-16 21:12]
      .
      2012-02-04 c:\windows\Tasks\User_Feed_Synchronization-{B1CAA0A7-E0C7-4992-AF8D-FE712D5C7A93}.job
      - c:\windows\system32\msfeedssync.exe [2012-02-02 04:44]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://att.my.yahoo.com/
      mStart Page = about:blank
      IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
      Trusted Zone: coursecompass.com
      Trusted Zone: mathxl.com
      Trusted Zone: pearsoncmg.com
      Trusted Zone: pearsoned.com
      TCP: DhcpNameServer = 192.168.1.254
      Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\yqhpwu8i.default\
      FF - prefs.js: network.proxy.type - 0
      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
      FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
      FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      .
      - - - - ORPHANS REMOVED - - - -
      .
      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
      WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
      HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
      HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
      AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2012-02-04 19:52
      Windows 6.0.6002 Service Pack 2 NTFS
      .
      scanning hidden processes ... 
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ... 
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
      @Denied: (2) (LocalSystem)
      "Progid"="YMP.Media"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      "MSCurrentCountry"=dword:000000b5
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\system32\nvvsvc.exe
      c:\windows\system32\rundll32.exe
      c:\program files\Trend Micro\AMSP\coreServiceShell.exe
      c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
      c:\program files\Microsoft\BingBar\SeaPort.EXE
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\Canon\IJPLM\IJPLMSVC.EXE
      c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      c:\program files\Common Files\Motive\McciCMService.exe
      c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      c:\windows\system32\WUDFHost.exe
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
      c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
      c:\windows\servicing\TrustedInstaller.exe
      c:\program files\Windows Media Player\wmpnetwk.exe
      .
      **************************************************************************
      .
      Completion time: 2012-02-04  20:01:38 - machine was rebooted
      ComboFix-quarantined-files.txt  2012-02-05 01:01
      .
      Pre-Run: 42,479,792,128 bytes free
      Post-Run: 44,918,009,856 bytes free
      .
      - - End Of File - - 7025B09D304125276316EDBEA36D802F
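An added example, not part of the original posts and not ComboFix's own code: a small parser for the `"name"="path" [date size]` lines in the "Reg Loading Points" section of a log like the one above, marking Run-key entries that deserve a manual look. The sample log, the entry names and the three review heuristics are assumptions made for this example; a note means "check this entry", not "this is malicious".

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample in the layout of the "Reg Loading Points" section
# (names and paths are made up for this example).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrayApp"="c:\windows\ehome\TrayApp.exe" [2008-01-19 125952]
"loader"="c:\users\Example\AppData\Roaming\vendor\loader.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioPanel"="AudioPanel.exe" [2008-01-17 4907008]
"Mouse"="c:\progra~1\Vendor\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2000-08-24 33792]
"Updater"="c:\program files\Vendor\Updater.exe" [2011-03-30 937920]
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+'
    r'\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')

# Assumed heuristic: directories a standard user can usually write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

class Autorun(NamedTuple):
    key: str
    name: str
    path: str
    date: str
    size: int

def parse_run_entries(log: str) -> List[Autorun]:
    """Collect entries listed under ...\\CurrentVersion\\Run keys only."""
    entries, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry and key:
            entries.append(Autorun(key, entry["name"], entry["path"],
                                   entry["date"], int(entry["size"])))
            continue
        section = SECTION_RE.match(line)
        if section:  # a new [key] header: track it only if it is a Run key
            name = section.group(1)
            key = name if name.lower().endswith("\\currentversion\\run") else None
    return entries

def review_notes(path: str) -> List[str]:
    """Reasons (assumed heuristics) to inspect an autorun target by hand."""
    p, notes = path.lower(), []
    if "\\" not in p:
        notes.append("bare filename, resolved through the search path")
    if any(marker in p for marker in USER_WRITABLE):
        notes.append("target sits in a user-writable directory")
    if re.search(r"~\d", p):
        notes.append("8.3 short path, expand it before judging")
    return notes

def triage(log: str) -> List[Tuple[str, List[str]]]:
    """Return (entry name, notes) for every Run entry with at least one note."""
    flagged = [(e.name, review_notes(e.path)) for e in parse_run_entries(log)]
    return [(name, notes) for name, notes in flagged if notes]
```
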

      Offline Dugditches

      • Bronze Member
      • Posts: 11
      Re: [In Progress] Anti-virus removal tool problem
      « Reply #11 on: February 04, 2012, 08:10:24 pm »
      Hoov, just to let you know I did several cold starts and reboots and the problem seems to have gone away. I don't have any problem with the task manager or command prompt also. Please let me know what the next step is. Thanks, Chris

      Offline Hoov

      • Malware Removal Mentors
      • Global Moderator
      • Diamond Member
      • Posts: 25000
      • Unwilling part owner of Gov't. Motors and Chrysler
        • Hoov's Personal Site
      Re: [In Progress] Anti-virus removal tool problem
      « Reply #12 on: February 04, 2012, 08:14:47 pm »
      Do you have access to a clean computer and a thumbdrive or CD ROM with a blank disc?

      Consumer Security

      If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

      Offline Dugditches

      • Bronze Member
      • Posts: 11
      Re: [In Progress] Anti-virus removal tool problem
      « Reply #13 on: February 04, 2012, 08:17:41 pm »
      Yes I have my laptop with a thumb drive.

      Offline Hoov

      • Malware Removal Mentors
      • Global Moderator
      • Diamond Member
      • Posts: 25000
      • Unwilling part owner of Gov't. Motors and Chrysler
        • Hoov's Personal Site
      Re: [In Progress] Anti-virus removal tool problem
      « Reply #14 on: February 04, 2012, 08:26:00 pm »
      On the laptop download all the programs below and then copy them to the thumbdrive and move it to the problem child.

      Reboot the computer into safe mode using the F8 key (let me know if you need instructions)

      Please download Rkill by Grinler and save it to your desktop.
        Link 2
        Link 3
        Link 4

        • Double-click on the Rkill desktop icon to run the tool.
        • If using Vista, right-click on it and Run As Administrator.
        • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
        • If not, delete the file, then download and use the one provided in Link 2.
        • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.
        • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
        • If the tool does not run from any of the links provided, please let me know.
        Please read carefully and follow these steps.
        • Download TDSSKiller and save it to your Desktop.
        • Extract its contents to your desktop.
        • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
        • If an infected file is detected, the default action will be Cure, click on Continue.
        • If a suspicious file is detected, the default action will be Skip, click on Continue.
        • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
        • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
        • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
        Now run a full scan (not a quick scan) with Malwarebytes' Anti-Malware. If it finds anything fix it, if not then no worries.

        Download the following program to your desktop:

        Unhide tool

        Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
        Please be patient as this may take several minutes to run, it will scan and fix all Hard drives on your system. You will see a new window with the drive being processed, typically C:\  as below:



        Changing as the next drive is processed as below:



        You will get a success alert at the end. Re-boot and see if your files are present.

        Now reboot the computer normally.  Post the log from TDSSKiller and from the Malwarebytes' Anti-Malware scan.


        Consumer Security

        If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!