SpyWare BeWare! ASAP
Author Topic: Backdoor Trojan  (Read 6894 times)
Hamturk
« on: April 15, 2012, 02:56:33 PM »

So if I had such a thing, which after some research seems like a reasonable explanation for what's been going on, how would I find it?

I've received help on the forum before. Both times I've come away with my computer in a better state, but still had a feeling something was still wrong.

I run scans with Malwarebytes and the AVG trial almost daily and they all come back reporting no problems. The only problem I seem to have is a computer running slowly and popups when, but is enough to make me feel that something is up.

Firstly, can someone help me identify if I actually have a backdoor trojan, and if so, help me remove it?

Today I cleared out my quarantine on Malwarebytes, not sure why I didn't do it before or if I was even supposed to, but I deleted the 13 objects from there.

melboy
« Reply #1 on: April 15, 2012, 03:37:21 PM »

Hi and welcome back to the SWBW forums.

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something, please don't hesitate to ask.
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

IMPORTANT: Please take time to read this topic where the Forum Guidelines are explained.

NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==================================


DDS

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2


Temporarily disable any real-time active protection and then double click dds.scr to run the tool. A command window will appear; this is normal.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Re-enable any real-time protection you disabled during the running of DDS.

Please copy & paste the contents of:
  • DDS.txt
  • Attach.txt
and post them in your next reply.



aswMBR

Download aswMBR and save it to your Desktop.

  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download.)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK.
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • Save MBR.dat to a form of removable media (CD, DVD, USB flash drive etc). This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.


    Hamturk
    « Reply #2 on: April 15, 2012, 04:32:19 PM »

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
    Run by Danielle at 22:30:37 on 2012-04-15
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4009.1536 [GMT 1:00]
    .
    AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
    C:\Program Files\Fujitsu\PSUtility\PSUService.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
    C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\vsnp2uvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
    C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
    C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
    C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\AVG\AVG2012\avgui.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ts.fujitsu.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [Google Update] "C:\Users\Danielle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
    mRun: [snp2uvc] C:\Windows\vsnp2uvc.exe
    mRun: [DeskUpdateNotifier] "c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe"
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
    mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
    mRun: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Free YouTube to iPod Converter - C:\Users\Danielle\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{1110752A-7E96-4F3A-978A-8401E5161ECC} : NameServer = 88.82.13.12 88.82.13.12
    TCP: Interfaces\{1CF4B797-729F-4F25-872B-25359B77683F} : NameServer = 88.82.13.44 88.82.13.44
    TCP: Interfaces\{985B41EC-C0A4-4FDA-B231-13F3ACE1F4B4} : NameServer = 88.82.13.60 88.82.13.60
    TCP: Interfaces\{D48B1BE5-F945-4C09-B308-189F27F0D81E} : DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{D48B1BE5-F945-4C09-B308-189F27F0D81E}\35B4952313035373 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{D48B1BE5-F945-4C09-B308-189F27F0D81E}\4656661657C647 : DhcpNameServer = 192.168.2.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64:     AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64:     URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe"
    mRun-x64: [snp2uvc] C:\Windows\vsnp2uvc.exe
    mRun-x64: [DeskUpdateNotifier] "c:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe"
    mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
    mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
    mRun-x64: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Danielle\AppData\Roaming\Mozilla\Firefox\Profiles\apoax222.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Danielle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Danielle\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Danielle\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 FBIOSDRV;Fujitsu BIOS Driver;C:\Windows\system32\Drivers\FBIOSDRV.sys --> C:\Windows\system32\Drivers\FBIOSDRV.sys [?]
    R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-11 654408]
    R2 PFNService;PFNService;C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-10-7 331776]
    R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2011-5-7 63336]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-21 2656280]
    R2 VmbService;Vodafone Mobile Broadband Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-3-29 9216]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
    R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\drivers\FUJ02E3.sys --> C:\Windows\system32\drivers\FUJ02E3.sys [?]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
    R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 136176]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
    S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys --> C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 136176]
    S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\system32\DRIVERS\ew_jucdcacm.sys --> C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [?]
    S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\system32\DRIVERS\ew_juextctrl.sys --> C:\Windows\system32\DRIVERS\ew_juextctrl.sys [?]
    S3 huawei_wwanecm;huawei_wwanecm;C:\Windows\system32\DRIVERS\ew_juwwanecm.sys --> C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [?]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-04-15 16:19:50   --------   d-----w-   C:\Users\Danielle\AppData\Local\{25142753-66CF-4AC8-998B-6F0307E0BECB}
    2012-04-15 16:19:31   --------   d-----w-   C:\Users\Danielle\AppData\Local\{2A5D8C99-4B53-4D9C-A513-7AC4A65949E8}
    2012-04-14 22:22:32   --------   d-----w-   C:\Users\Danielle\AppData\Local\{2FF5B269-D3D1-431E-9B23-46E5788A17B2}
    2012-04-14 22:21:43   --------   d-----w-   C:\Users\Danielle\AppData\Local\{B74F7CE9-8CE6-4177-9FAF-A9C0A9D7FA45}
    2012-04-13 15:55:03   --------   d-----w-   C:\Users\Danielle\AppData\Local\{2E14687D-3A2D-4580-8634-83E7CC32671D}
    2012-04-13 14:03:22   --------   d-----w-   C:\Users\Danielle\AppData\Local\{9644B4CA-03A3-4EAC-807D-32624C98A6DF}
    2012-04-13 14:01:51   --------   d-----w-   C:\Users\Danielle\AppData\Local\{4F2CD7A6-DCD3-4DDB-B120-DB0288939B81}
    2012-04-12 20:57:56   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1037DF8A-BA51-4DFA-8DEA-B3764EB8B347}
    2012-04-12 08:19:57   --------   d-----w-   C:\Users\Danielle\AppData\Local\{05AFF22A-3E9B-4CF8-A668-2B798111E93E}
    2012-04-11 22:04:11   --------   d-----w-   C:\Users\Danielle\AppData\Local\{716BC5C4-6133-4DAF-B58E-E3A6A11A1202}
    2012-04-11 16:47:25   --------   d-----w-   C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    2012-04-11 06:52:48   5559152   ----a-w-   C:\Windows\System32\ntoskrnl.exe
    2012-04-11 06:52:48   3968368   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
    2012-04-11 06:52:47   3913072   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-11 06:50:06   81408   ----a-w-   C:\Windows\System32\imagehlp.dll
    2012-04-11 06:50:06   23408   ----a-w-   C:\Windows\System32\drivers\fs_rec.sys
    2012-04-11 06:50:06   159232   ----a-w-   C:\Windows\SysWow64\imagehlp.dll
    2012-04-11 06:50:03   5120   ----a-w-   C:\Windows\SysWow64\wmi.dll
    2012-04-11 06:50:03   5120   ----a-w-   C:\Windows\System32\wmi.dll
    2012-04-11 06:50:03   220672   ----a-w-   C:\Windows\System32\wintrust.dll
    2012-04-11 06:50:03   172544   ----a-w-   C:\Windows\SysWow64\wintrust.dll
    2012-04-11 06:45:11   --------   d-----w-   C:\Users\Danielle\AppData\Local\{B2D67134-7BED-4D08-BDC8-25C67F3168A6}
    2012-04-10 09:11:59   --------   d-----w-   C:\Users\Danielle\AppData\Local\{5C8335EB-A118-4BFD-9784-D65C90963D81}
    2012-04-09 20:33:03   --------   d-----w-   C:\Users\Danielle\AppData\Local\{AF3AEE61-9FF8-429E-A0D0-2C4FF0995DAD}
    2012-04-09 08:32:20   --------   d-----w-   C:\Users\Danielle\AppData\Local\{FCEC9F44-9E16-4A7D-9EFC-893A1D42FDA7}
    2012-04-08 15:35:28   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8F5E51CA-D37F-4903-B75D-1756FC37796D}
    2012-04-08 14:13:15   --------   d-----w-   C:\Users\Danielle\AppData\Local\{CCD83F7E-3594-48EB-A912-04B24582BC5F}
    2012-04-08 00:16:20   --------   d-----w-   C:\Users\Danielle\AppData\Local\{81A00C95-D7EB-41CF-BFD8-C4C805D4F0EF}
    2012-04-07 09:23:04   --------   d-----w-   C:\Users\Danielle\AppData\Local\{6822E6E2-8F44-4271-9AC0-E609BEDF7632}
    2012-04-06 20:21:10   --------   d-----w-   C:\Users\Danielle\AppData\Local\{FF148740-7C39-478E-AADD-25B6354C2B7D}
    2012-04-05 20:28:00   --------   d-----w-   C:\Users\Danielle\AppData\Local\{229431BD-C9B8-4224-85E7-0C786359C0E5}
    2012-04-05 08:27:34   --------   d-----w-   C:\Users\Danielle\AppData\Local\{23381F43-9976-4EF6-AB60-1E98B0ADA1E7}
    2012-04-04 16:17:28   --------   d-----w-   C:\Users\Danielle\AppData\Local\{6AF0CE16-47A9-4968-B0DE-4921529D108A}
    2012-04-03 20:43:53   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8A9EB653-9E06-4C7B-A981-B46C4A7BE4E4}
    2012-04-03 07:27:10   --------   d-----w-   C:\Users\Danielle\AppData\Local\{602CFB45-C3EE-4F34-A30E-F0A3F9F91D2E}
    2012-04-02 11:36:13   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8E4F9FD8-EE6D-41B6-8845-6D4B41A89B98}
    2012-04-02 11:04:00   --------   d-----w-   C:\Users\Danielle\AppData\Local\{30BAF952-5D3D-4F69-A8F3-89D9D92601DC}
    2012-04-01 21:53:23   --------   d-----w-   C:\Users\Danielle\AppData\Local\{6C0B0091-14AA-42AA-9389-10597DFCDC57}
    2012-03-31 22:17:39   --------   d-----w-   C:\Users\Danielle\AppData\Local\{EF7D207A-0D50-4532-954E-B11B37E4D2E2}
    2012-03-31 19:26:21   --------   d-----w-   C:\Users\Danielle\AppData\Roaming\uTorrent
    2012-03-31 07:36:14   --------   d-----w-   C:\Users\Danielle\AppData\Local\{EE813319-DBBE-4CF2-A951-E6516725DD5D}
    2012-03-30 18:36:14   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1B9A51C7-5967-4544-AB44-40399FDFE1F0}
    2012-03-30 06:35:38   --------   d-----w-   C:\Users\Danielle\AppData\Local\{2F07E0AB-0DFA-406A-BB36-BF8B4BB1166F}
    2012-03-29 09:05:55   --------   d-----w-   C:\Users\Danielle\AppData\Local\{C7B8B2A4-F0AB-4D8B-9367-5FBC55DF21FA}
    2012-03-28 20:45:47   --------   d-----w-   C:\Users\Danielle\AppData\Local\theHunter
    2012-03-28 17:08:46   --------   d-----w-   C:\Windows\SysWow64\directx
    2012-03-28 17:08:44   --------   d-----w-   C:\Program Files (x86)\theHunter
    2012-03-28 15:43:45   53248   ----a-r-   C:\Users\Danielle\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
    2012-03-28 15:15:39   --------   d-----w-   C:\Users\Danielle\AppData\Local\Downloaded Installations
    2012-03-28 15:12:45   --------   d-----w-   C:\Users\Danielle\AppData\Local\{A85F5278-1C6C-490B-97CB-DDB2CB4F9162}
    2012-03-28 06:11:48   --------   d-----w-   C:\Users\Danielle\AppData\Local\{3C705EDD-A178-4878-B546-1F9A856615A6}
    2012-03-27 15:01:38   --------   d-----w-   C:\Users\Danielle\AppData\Local\{CF297DC9-8B46-43CE-8546-37C3A7731E6C}
    2012-03-27 15:01:26   --------   d-----w-   C:\Users\Danielle\AppData\Local\{71892A43-CEE2-4379-8E83-307CA83B4DEA}
    2012-03-26 22:49:12   --------   d-----w-   C:\Users\Danielle\AppData\Local\{B13D4E80-B889-4891-B11D-617015C02C3E}
    2012-03-26 22:48:34   --------   d-----w-   C:\Users\Danielle\AppData\Local\{705914C3-0AD1-43E4-B97E-30C49F69A6C4}
    2012-03-26 22:37:39   --------   d-----w-   C:\Windows\en
    2012-03-26 22:36:55   --------   d-----w-   C:\Windows\de
    2012-03-26 22:36:50   --------   d-----w-   C:\Windows\fr
    2012-03-26 22:36:45   --------   d-----w-   C:\Windows\es
    2012-03-26 22:36:42   --------   d-----w-   C:\Windows\it
    2012-03-26 22:36:37   --------   d-----w-   C:\Windows\nl
    2012-03-26 22:31:49   15712   ----a-w-   C:\Program Files (x86)\Common Files\Windows Live\.cache\3c5706571cd0ba001\MeshBetaRemover.exe
    2012-03-26 22:25:40   --------   d-----w-   C:\Users\Danielle\AppData\Local\{EDE0139F-1CA1-45D0-BEB6-B62FD606138D}
    2012-03-26 22:25:28   --------   d-----w-   C:\Users\Danielle\AppData\Local\{59464B59-F72F-40CE-ABA3-09D78454893C}
    2012-03-26 21:56:29   --------   d-----w-   C:\Users\Danielle\AppData\Local\{53764085-4013-462B-97DB-023F674D0A54}
    2012-03-26 21:56:05   --------   d-----w-   C:\Users\Danielle\AppData\Local\{CD7BDAFC-D9F0-44D9-BBAB-D937C7D59097}
    2012-03-26 21:34:46   --------   d-----w-   C:\Users\Danielle\AppData\Local\{A30B8C11-8502-4CD6-8290-6895B24C248C}
    2012-03-26 21:34:01   --------   d-----w-   C:\Users\Danielle\AppData\Local\{EF983A71-D3A4-4DE1-9DC2-AAFEAAF998A5}
    2012-03-26 19:38:27   --------   d-----w-   C:\Users\Danielle\AppData\Local\{607F658F-AB0F-45B9-B8B6-ED94A8AD7DC8}
    2012-03-26 19:37:57   --------   d-----w-   C:\Users\Danielle\AppData\Local\{5B1565EF-A5A2-4825-9A86-E02CA0C02D41}
    2012-03-26 16:33:34   --------   d-----w-   C:\Users\Danielle\AppData\Local\{BEC64E8B-BCA9-4006-A38E-AC1986716B8B}
    2012-03-26 16:33:12   --------   d-----w-   C:\Users\Danielle\AppData\Local\{C4CF3310-4FDD-45CF-AA0E-7928B69E8AED}
    2012-03-26 16:05:55   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
    2012-03-26 15:15:16   --------   d-----w-   C:\Users\Danielle\AppData\Local\{B8FC71B9-E52C-495D-A948-17C3DE7FD75D}
    2012-03-26 15:14:52   --------   d-----w-   C:\Users\Danielle\AppData\Local\{18F910C4-40AA-4DC4-935F-9AD69BB7471D}
    2012-03-26 11:54:54   --------   d-----w-   C:\Users\Danielle\AppData\Local\{AA00458F-1DEB-424F-88F3-C7E833B71B22}
    2012-03-26 11:54:30   --------   d-----w-   C:\Users\Danielle\AppData\Local\{C1275CB6-CA7B-4AA4-A62C-8DCED85C3A37}
    2012-03-26 08:51:26   --------   d-----w-   C:\Users\Danielle\AppData\Local\{DB2EC263-A4C2-4C5C-AE7F-5528AC781FD8}
    2012-03-26 08:51:10   --------   d-----w-   C:\Users\Danielle\AppData\Local\{DDD588A6-7D37-4A8C-AE1B-563764077E13}
    2012-03-25 23:15:59   --------   d-----w-   C:\Users\Danielle\AppData\Local\{9F0C4C3A-16F6-4F21-8B6E-EB75D320184B}
    2012-03-25 23:15:47   --------   d-----w-   C:\Users\Danielle\AppData\Local\{C426ECEB-2AB6-4666-8B75-6B1CE18E6326}
    2012-03-25 14:18:25   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1BCE12C6-143A-4CC0-85DB-BC68B747F594}
    2012-03-24 23:08:16   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1C836FF0-73FA-48F0-95A7-54B93014A353}
    2012-03-24 23:07:57   --------   d-----w-   C:\Users\Danielle\AppData\Local\{82EE220B-4046-40FD-8568-A456688C78BE}
    2012-03-24 15:17:42   --------   d-----w-   C:\Users\Danielle\AppData\Local\{72071438-F5C7-4DAE-8E04-9612D23E64F0}
    2012-03-24 15:16:51   --------   d-----w-   C:\Users\Danielle\AppData\Local\{AAA3D9D1-6255-41D7-92DD-F8086CF5B88F}
    2012-03-24 10:32:29   --------   d-----w-   C:\Users\Danielle\AppData\Local\{BC7D86EE-465B-4FC4-A71A-A1094115746A}
    2012-03-24 10:32:06   --------   d-----w-   C:\Users\Danielle\AppData\Local\{17491640-9DA0-4A7D-B9E8-A301BC197042}
    2012-03-23 23:14:02   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8670BC8D-C30F-4779-9D46-033D794D224B}
    2012-03-23 23:13:39   --------   d-----w-   C:\Users\Danielle\AppData\Local\{64B7531D-C47C-47F2-9B48-B508B233A206}
    2012-03-23 18:25:31   --------   d-----w-   C:\Users\Danielle\AppData\Local\{EC0C6EBF-80A5-49B8-B197-372BAF390DB2}
    2012-03-23 18:25:06   --------   d-----w-   C:\Users\Danielle\AppData\Local\{CEBC888A-FF9E-4C91-9D09-381836BC31EF}
    2012-03-23 08:45:24   --------   d-----w-   C:\Users\Danielle\AppData\Local\{B9F8FE7E-0836-4A86-B87F-238D6EB03EC0}
    2012-03-23 08:45:00   --------   d-----w-   C:\Users\Danielle\AppData\Local\{7824C70C-265D-45C5-AB96-3FE53C198C95}
    2012-03-22 18:33:30   --------   d-----w-   C:\Users\Danielle\AppData\Local\{5B58E561-316D-438A-9168-6051FEA16309}
    2012-03-22 18:33:06   --------   d-----w-   C:\Users\Danielle\AppData\Local\{974D92E0-FE5F-42B9-8A24-D55DAFD1931C}
    2012-03-22 13:32:55   --------   d-----w-   C:\Users\Danielle\AppData\Local\{758571E9-DE79-4416-B512-EE3B1FDE4C4D}
    2012-03-22 13:32:32   --------   d-----w-   C:\Users\Danielle\AppData\Local\{AAA9CFAD-1692-4F5A-9E54-84B0E5710111}
    2012-03-22 01:29:28   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1E9CD158-59B3-45AB-B52E-D9281E371880}
    2012-03-22 01:28:59   --------   d-----w-   C:\Users\Danielle\AppData\Local\{BE75E43B-9A8C-42E8-AB44-CC1B7D925692}
    2012-03-21 21:35:12   --------   d-----w-   C:\Users\Danielle\AppData\Local\{6A8E0D9D-479B-416B-A9C6-DA40F59831CE}
    2012-03-21 21:34:08   --------   d-----w-   C:\Users\Danielle\AppData\Local\{5CE9FB9D-A075-4260-923E-C8F111A8A195}
    2012-03-21 16:13:34   --------   d-----w-   C:\Users\Danielle\AppData\Local\{BF964C12-FE10-478E-AD13-5DAD4C362764}
    2012-03-21 07:51:34   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1043C57F-D5D5-42DE-8614-BA3804A31A21}
    2012-03-20 20:44:26   --------   d-----w-   C:\Users\Danielle\AppData\Local\{5477D277-C336-4A67-972F-89BC9BAF67D4}
    2012-03-20 20:44:12   --------   d-----w-   C:\Users\Danielle\AppData\Local\{68FBC8E9-669C-486A-B20C-76C4DF0BAD71}
    2012-03-20 16:53:41   --------   d-----w-   C:\Users\Danielle\AppData\Local\{CCFF3A98-1326-459D-9D4E-AAD1B04E82B3}
    2012-03-20 16:53:28   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8EE2A72D-73B8-45E7-A413-8AFCAB068658}
    2012-03-20 13:51:01   --------   d-----w-   C:\Users\Danielle\AppData\Local\{4A958CD4-D179-4D2E-B3C2-EFEC32FAE218}
    2012-03-20 13:50:49   --------   d-----w-   C:\Users\Danielle\AppData\Local\{58899144-2831-49E1-8D2A-BF9F301F6BDE}
    2012-03-20 08:50:35   --------   d-----w-   C:\Users\Danielle\AppData\Local\{662DCCF6-09C6-4EED-8F0D-BB2308B8FB0C}
    2012-03-20 08:50:05   --------   d-----w-   C:\Users\Danielle\AppData\Local\{9DC193D3-35A6-43DF-8112-170345EFCE1C}
    2012-03-20 08:06:06   --------   d-----w-   C:\Users\Danielle\AppData\Local\{24752A38-3E4C-4047-A34B-166FE4846290}
    2012-03-19 19:14:33   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8ECC99D8-B633-4C99-A9FB-D37EAA9E07A9}
    2012-03-19 19:14:10   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8A9AAEB7-97D3-422A-9891-AEF1CC6061AA}
    2012-03-19 16:35:13   24904   ----a-w-   C:\Windows\System32\drivers\mbam.sys
    2012-03-19 16:35:13   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-19 15:24:29   --------   d-----w-   C:\Users\Danielle\AppData\Local\{3DE2E4D6-CE5F-4C8E-8A70-A6BD7750E9EF}
    2012-03-19 15:24:06   --------   d-----w-   C:\Users\Danielle\AppData\Local\{148CAD9C-4D2A-4076-9EEF-6BB48C084AD2}
    2012-03-19 07:40:41   --------   d-----w-   C:\Users\Danielle\AppData\Local\{4B66415A-36DA-474A-938A-1EEB3107ED1C}
    2012-03-19 07:40:16   --------   d-----w-   C:\Users\Danielle\AppData\Local\{A3849A05-54FB-4E44-BFEF-9DBBC6D395ED}
    2012-03-18 22:34:02   --------   d--h--w-   C:\$AVG
    2012-03-18 22:03:09   --------   d-----w-   C:\Users\Danielle\AppData\Local\{13C862CB-3DB1-4864-BF98-7D84E899F8A0}
    2012-03-18 22:02:57   --------   d-----w-   C:\Users\Danielle\AppData\Local\{28F2F9BB-E0E7-4575-91F8-8587564B1022}
    2012-03-18 21:58:52   --------   d-----w-   C:\Users\Danielle\AppData\Local\{8D4F65FE-31C7-43CD-B0FC-9D3982F7EFFB}
    2012-03-18 21:58:37   --------   d-----w-   C:\Users\Danielle\AppData\Local\{D37B6147-EF36-4B54-98DB-2745289FBFB6}
    2012-03-18 21:54:33   --------   d-----w-   C:\Users\Danielle\AppData\Roaming\AVG2012
    2012-03-18 21:54:30   --------   d--h--w-   C:\ProgramData\Common Files
    2012-03-18 21:54:21   --------   d-----w-   C:\Windows\SysWow64\drivers\AVG
    2012-03-18 21:53:47   --------   d-----w-   C:\Windows\System32\drivers\AVG
    2012-03-18 21:53:47   --------   d-----w-   C:\ProgramData\AVG2012
    2012-03-18 21:53:20   --------   d-----w-   C:\Program Files (x86)\AVG
    2012-03-18 21:43:47   --------   d-----w-   C:\ProgramData\MFAData
    2012-03-18 21:29:32   --------   d-----w-   C:\Users\Danielle\AppData\Local\{EFAFEF59-B012-49C7-A547-BA5E67272E98}
    2012-03-18 21:23:37   --------   d-----w-   C:\Users\Danielle\AppData\Local\{0046F141-9524-45B2-AEC9-127165F1B89B}
    2012-03-18 21:23:13   --------   d-----w-   C:\Users\Danielle\AppData\Local\{47A53976-5BBA-41A7-9009-1BA0420F1FAA}
    2012-03-18 11:34:06   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1F3703EE-520E-4B20-8795-CDB3CA2EB9DF}
    2012-03-18 11:33:41   --------   d-----w-   C:\Users\Danielle\AppData\Local\{4A85E446-801C-4B16-9A38-F233BF2FA4E4}
    2012-03-17 22:33:27   592824   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-17 22:33:27   44472   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-17 22:33:18   --------   d-----w-   C:\Users\Danielle\AppData\Local\{C253F62F-728A-4410-83C8-C8B3D8FAF39B}
    2012-03-17 22:33:05   --------   d-----w-   C:\Users\Danielle\AppData\Local\{D0C835E9-2EF9-44C9-B656-ED76267871B9}
    2012-03-17 16:45:50   --------   d-----w-   C:\Users\Danielle\AppData\Local\{2D7A84E8-A067-46D1-984E-AE3461C3EB82}
    2012-03-17 16:45:27   --------   d-----w-   C:\Users\Danielle\AppData\Local\{4A713A12-9FB2-4B4E-9D09-E4780D129ACF}
    2012-03-17 11:39:39   --------   d-----w-   C:\Users\Danielle\AppData\Local\{18D333D4-5B5E-42B1-9B90-C8C0CC932448}
    2012-03-17 11:39:27   --------   d-----w-   C:\Users\Danielle\AppData\Local\{A40D79B1-A934-42AC-BF97-EDAD9880E30F}
    2012-03-17 00:37:06   --------   d-----w-   C:\Users\Danielle\AppData\Local\{63F6B8EB-C934-4D26-8DD4-5B46DA55E9F5}
    2012-03-17 00:36:36   --------   d-----w-   C:\Users\Danielle\AppData\Local\{1895444F-8666-42D8-96A9-3A6D72633B1C}
    2012-03-16 23:08:33   8643640   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FD46CA70-7B62-4358-8CC2-902D75BD760E}\mpengine.dll
    .
    ==================== Find3M  ====================
    .
    2012-02-28 06:56:48   2311168   ----a-w-   C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56   1390080   ----a-w-   C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57   1493504   ----a-w-   C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55   1799168   ----a-w-   C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21   1427456   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07   1127424   ----a-w-   C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
    2012-02-23 09:18:36   279656   ------w-   C:\Windows\System32\MpSigStub.exe
    2012-02-17 06:38:26   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
    2012-02-17 05:34:22   826880   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
    2012-02-17 04:58:24   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
    2012-02-17 04:57:32   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
    2012-02-14 11:09:44   1070352   ----a-w-   C:\Windows\SysWow64\MSCOMCTL.OCX
    2012-02-10 06:36:07   1544192   ----a-w-   C:\Windows\System32\DWrite.dll
    2012-02-10 05:38:43   1077248   ----a-w-   C:\Windows\SysWow64\DWrite.dll
    2012-02-03 04:34:34   3145728   ----a-w-   C:\Windows\System32\win32k.sys
    2012-01-25 06:38:39   77312   ----a-w-   C:\Windows\System32\rdpwsx.dll
    2012-01-25 06:38:38   149504   ----a-w-   C:\Windows\System32\rdpcorekmts.dll
    2012-01-25 06:33:30   9216   ----a-w-   C:\Windows\System32\rdrmemptylst.exe
    2012-01-19 08:23:58   339320   ----a-w-   C:\Windows\SysWow64\HMIPCore.dll
    .
    ============= FINISH: 22:30:58.03 ===============
    Hamturk


    « Reply #3 on: April 15, 2012, 04:33:31 PM »

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 20/10/2011 16:42:20
    System Uptime: 15/04/2012 20:38:56 (2 hours ago)
    .
    Motherboard: FUJITSU |  | FJNBB0F
    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | Onboard | 2100/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 50 GiB total, 13.151 GiB free.
    D: is FIXED (NTFS) - 395 GiB total, 395.027 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&0002\8&185DC2C9&0&80600712C2F2_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-427970617373}_LOCALMFG&0002\8&185DC2C9&0&80600712C2F2_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&0002\8&185DC2C9&0&80600712C2F2_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{426C6163-6B42-6572-7279-44736B746F70}_LOCALMFG&0002\8&185DC2C9&0&80600712C2F2_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&0002\8&185DC2C9&0&80600712C2F2_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&0002\8&185DC2C9&0&80600712C2F2_C00000000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP114: 15/04/2012 21:49:42 - test
    RP115: 15/04/2012 21:50:49 - 15/04/12
    .
    ==== Installed Programs ======================
    .
    Adobe Reader 9.5.0
    Anytime USB Charge Utility
    Apple Application Support
    Apple Software Update
    BlackBerry Desktop Software 6.1
    BlackBerry Device Software Updater
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    Control ActiveX de Windows Live Mesh para conexiones remotas
    CyberLink YouCam
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DeskUpdate 4.11
    eBay
    FJ Camera
    Fujitsu Display Manager
    Fujitsu Hotkey Utility
    Fujitsu MobilityCenter Extension Utility
    Fujitsu System Extension Utility
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) WiDi
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    LifeBook Application Panel
    Malwarebytes Anti-Malware version 1.61.0.1400
    Mesh Runtime
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    Mozilla Firefox 11.0 (x86 en-GB)
    MSVCRT
    MSVCRT_amd64
    Power Saving Utility
    Raccolta foto di Windows Live
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    theHunter (remove only)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Visual Studio 2008 x64 Redistributables
    Vodafone Mobile Broadband Lite
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotogalerie
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    13/04/2012 07:47:54, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    13/04/2012 07:47:53, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    13/04/2012 07:12:11, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    13/04/2012 07:12:11, Error: Service Control Manager [7000]  - The Application Information service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    13/04/2012 07:11:41, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    13/04/2012 07:11:11, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    13/04/2012 07:11:11, Error: Service Control Manager [7000]  - The Background Intelligent Transfer Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
    13/04/2012 07:11:11, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    13/04/2012 07:10:41, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    12/04/2012 22:58:52, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    12/04/2012 14:47:04, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Vodafone Mobile Broadband Service service to connect.
    11/04/2012 17:26:24, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 258
    11/04/2012 17:24:48, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
    .
    ==== End Of File ===========================
    Hamturk


    « Reply #4 on: April 15, 2012, 04:52:05 PM »

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-15 22:40:20
    -----------------------------
    22:40:20.508    OS Version: Windows x64 6.1.7601 Service Pack 1
    22:40:20.508    Number of processors: 4 586 0x2A07
    22:40:20.509    ComputerName: DANIELLE-PC  UserName: Danielle
    22:40:21.641    Initialize success
    22:49:47.672    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:49:47.679    Disk 0 Vendor: WDC_WD50 03.0 Size: 476940MB BusType: 3
    22:49:47.697    Disk 0 MBR read successfully
    22:49:47.702    Disk 0 MBR scan
    22:49:47.708    Disk 0 Windows 7 default MBR code
    22:49:47.713    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         2117 MB offset 2048
    22:49:47.719    Disk 0 Partition - 00     0F Extended LBA            474820 MB offset 4339712
    22:49:47.740    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        51201 MB offset 4341760
    22:49:47.744    Disk 0 Partition - 00     05     Extended            404615 MB offset 109201408
    22:49:47.772    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       404614 MB offset 109203456
    22:49:47.776    Disk 0 Partition - 00     05     Extended              5001 MB offset 1042714624
    22:49:47.815    Disk 0 Partition 4 00     27 Hidden NTFS WinRE NTFS         5000 MB offset 937854976
    22:49:47.820    Disk 0 Partition - 00     05     Extended             14001 MB offset 1881610240
    22:49:47.882    Disk 0 Partition 5 00     27 Hidden NTFS WinRE NTFS        14000 MB offset 948099072
    22:49:47.927    Disk 0 scanning C:\Windows\system32\drivers
    22:49:55.657    Service scanning
    22:50:16.621    Modules scanning
    22:50:16.635    Disk 0 trace - called modules:
    22:50:16.661    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    22:50:16.666    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fd1060]
    22:50:16.672    3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800425a050]
    22:50:16.678    Scan finished successfully
    22:50:50.967    Disk 0 MBR has been saved successfully to "C:\Users\Danielle\Desktop\MBR.dat"
    22:50:50.981    The log file has been saved successfully to "C:\Users\Danielle\Desktop\aswMBR.txt"
    22:51:17.430    Disk 0 MBR has been saved successfully to "C:\Users\Danielle\Desktop\MBR.dat"
    22:51:17.435    The log file has been saved successfully to "C:\Users\Danielle\Desktop\Three.txt"

    melboy



    « Reply #5 on: April 16, 2012, 02:18:53 PM »

    Hi


    Temporarily disable Malwarebytes' Anti-malware (mbam)
     
    We need to temporarily disable mbam's realtime protection so it doesn't interfere with any fixes.

    • Right click the mbam system tray icon
    • Uncheck Start with windows
    • Uncheck Enable protection & click Yes to the prompt
    • Reboot your computer for the changes to take effect.


    ComboFix (by sUBs)

    Please visit this webpage for instructions for downloading and running ComboFix:
    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your security applications (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
      For instructions on how to disable your security programs, please see this topic:
      How to disable your security applications

    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log.  Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.
    A word of warning: This tool is not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper. Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

    Hamturk


    « Reply #6 on: April 16, 2012, 03:17:11 PM »

    ComboFix 12-04-16.02 - Danielle 16/04/2012  21:07:30.4.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4009.2513 [GMT 1:00]
    Running from: c:\users\Danielle\Downloads\ComboFix.exe
    AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    D:\install.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2012-03-16 to 2012-04-16  )))))))))))))))))))))))))))))))
    .
    .
    2012-04-16 20:13 . 2012-04-16 20:13   --------   d-----w-   c:\users\Public\AppData\Local\temp
    2012-04-16 20:13 . 2012-04-16 20:13   --------   d-----w-   c:\users\Default\AppData\Local\temp
    2012-04-11 16:47 . 2012-04-11 16:47   --------   d-----w-   c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
    2012-04-11 06:52 . 2012-03-06 06:53   5559152   ----a-w-   c:\windows\system32\ntoskrnl.exe
    2012-04-11 06:52 . 2012-03-06 05:59   3968368   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
    2012-04-11 06:52 . 2012-03-06 05:59   3913072   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
    2012-04-11 06:50 . 2012-03-01 06:46   23408   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
    2012-04-11 06:50 . 2012-03-01 06:33   81408   ----a-w-   c:\windows\system32\imagehlp.dll
    2012-04-11 06:50 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\SysWow64\imagehlp.dll
    2012-04-11 06:50 . 2012-03-01 06:38   220672   ----a-w-   c:\windows\system32\wintrust.dll
    2012-04-11 06:50 . 2012-03-01 06:28   5120   ----a-w-   c:\windows\system32\wmi.dll
    2012-04-11 06:50 . 2012-03-01 05:37   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
    2012-04-11 06:50 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
    2012-03-31 19:26 . 2012-03-31 21:04   --------   d-----w-   c:\users\Danielle\AppData\Roaming\uTorrent
    2012-03-28 20:45 . 2012-03-28 20:45   --------   d-----w-   c:\users\Danielle\AppData\Local\theHunter
    2012-03-28 17:08 . 2012-03-28 20:43   --------   d-----w-   c:\program files (x86)\theHunter
    2012-03-28 15:43 . 2012-03-28 15:43   53248   ----a-r-   c:\users\Danielle\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
    2012-03-28 15:15 . 2012-03-28 15:15   --------   d-----w-   c:\users\Danielle\AppData\Local\Downloaded Installations
    2012-03-26 22:37 . 2012-03-26 22:37   --------   d-----w-   c:\windows\en
    2012-03-26 22:36 . 2012-03-26 22:36   --------   d-----w-   c:\windows\de
    2012-03-26 22:36 . 2012-03-26 22:36   --------   d-----w-   c:\windows\fr
    2012-03-26 22:36 . 2012-03-26 22:36   --------   d-----w-   c:\windows\es
    2012-03-26 22:36 . 2012-03-26 22:36   --------   d-----w-   c:\windows\it
    2012-03-26 22:36 . 2012-03-26 22:36   --------   d-----w-   c:\windows\nl
    2012-03-26 22:31 . 2012-03-26 22:31   15712   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\3c5706571cd0ba001\MeshBetaRemover.exe
    2012-03-26 16:06 . 2012-03-26 16:06   --------   d-----w-   c:\program files (x86)\Common Files\Java
    2012-03-26 16:05 . 2012-03-26 16:05   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
    2012-03-26 16:05 . 2012-03-26 16:05   --------   d-----w-   c:\program files (x86)\Java
    2012-03-19 16:35 . 2012-04-11 16:48   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-19 16:35 . 2012-04-04 14:56   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-03-18 22:34 . 2012-03-18 22:34   --------   d-----w-   C:\$AVG
    2012-03-18 21:54 . 2012-03-18 21:54   --------   d-----w-   c:\users\Danielle\AppData\Roaming\AVG2012
    2012-03-18 21:54 . 2012-03-18 21:54   --------   d--h--w-   c:\programdata\Common Files
    2012-03-18 21:54 . 2012-03-18 21:54   --------   d-----w-   c:\windows\SysWow64\drivers\AVG
    2012-03-18 21:53 . 2012-04-16 17:33   --------   d-----w-   c:\windows\system32\drivers\AVG
    2012-03-18 21:53 . 2012-03-18 22:05   --------   d-----w-   c:\programdata\AVG2012
    2012-03-18 21:53 . 2012-03-18 21:53   --------   d-----w-   c:\program files (x86)\AVG
    2012-03-18 21:43 . 2012-04-16 19:55   --------   d-----w-   c:\programdata\MFAData
    2012-03-17 22:33 . 2012-03-17 22:33   592824   ----a-w-   c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-17 22:33 . 2012-03-17 22:33   44472   ----a-w-   c:\program files (x86)\Mozilla Firefox\mozglue.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-26 22:33 . 2010-06-24 18:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-02-23 09:18 . 2010-11-21 03:27   279656   ------w-   c:\windows\system32\MpSigStub.exe
    2012-02-17 17:00 . 2012-02-17 17:00   388096   ----a-r-   c:\users\Danielle\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-17 06:38 . 2012-03-14 11:20   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
    2012-02-17 05:34 . 2012-03-14 11:20   826880   ----a-w-   c:\windows\SysWow64\rdpcore.dll
    2012-02-17 04:58 . 2012-03-14 11:20   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:57 . 2012-03-14 11:20   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
    2012-02-14 11:09 . 2012-02-14 11:09   1070352   ----a-w-   c:\windows\SysWow64\MSCOMCTL.OCX
    2012-02-10 06:36 . 2012-03-14 11:28   1544192   ----a-w-   c:\windows\system32\DWrite.dll
    2012-02-10 05:38 . 2012-03-14 11:28   1077248   ----a-w-   c:\windows\SysWow64\DWrite.dll
    2012-02-08 07:13 . 2012-03-16 23:08   8643640   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD46CA70-7B62-4358-8CC2-902D75BD760E}\mpengine.dll
    2012-02-03 04:34 . 2012-03-14 11:28   3145728   ----a-w-   c:\windows\system32\win32k.sys
    2012-01-25 06:38 . 2012-03-14 11:20   77312   ----a-w-   c:\windows\system32\rdpwsx.dll
    2012-01-25 06:38 . 2012-03-14 11:20   149504   ----a-w-   c:\windows\system32\rdpcorekmts.dll
    2012-01-25 06:33 . 2012-03-14 11:20   9216   ----a-w-   c:\windows\system32\rdrmemptylst.exe
    2012-01-19 08:23 . 2012-02-27 13:29   339320   ----a-w-   c:\windows\SysWow64\HMIPCore.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-20 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-30 48752]
    "snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
    "DeskUpdateNotifier"="c:\fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe" [2010-10-13 97560]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "YouCam Mirror Tray icon"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2009-07-08 162912]
    "MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-03-29 408576]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 136176]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys
    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 136176]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys
    R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys
    R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys
    S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys
    S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
    S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-10-07 331776]
    S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2010-06-17 63336]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S2 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-03-29 9216]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys
    S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 15:42]
    .
    2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-20 15:42]
    .
    2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2152382239-2671259734-3952804028-1000Core.job
    - c:\users\Danielle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-20 15:21]
    .
    2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2152382239-2671259734-3952804028-1000UA.job
    - c:\users\Danielle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-20 15:21]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
    "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2010-06-08 45680]
    "FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712]
    "PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2010-11-13 199528]
    "PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-10-07 6311424]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
    "snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016]
    "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2010-07-16 162416]
    "LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2010-07-09 21616]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://ts.fujitsu.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Free YouTube to iPod Converter - c:\users\Danielle\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{1110752A-7E96-4F3A-978A-8401E5161ECC}: NameServer = 88.82.13.12 88.82.13.12
    TCP: Interfaces\{1CF4B797-729F-4F25-872B-25359B77683F}: NameServer = 88.82.13.44 88.82.13.44
    TCP: Interfaces\{985B41EC-C0A4-4FDA-B231-13F3ACE1F4B4}: NameServer = 88.82.13.60 88.82.13.60
    FF - ProfilePath - c:\users\Danielle\AppData\Roaming\Mozilla\Firefox\Profiles\apoax222.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com/
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-04-16  21:15:55
    ComboFix-quarantined-files.txt  2012-04-16 20:15
    .
    Pre-Run: 13,488,050,176 bytes free
    Post-Run: 14,355,238,912 bytes free
    .
    - - End Of File - - ED96A69E934691191689F2D913E50C3B
    Logged
    melboy

    « Reply #7 on: April 16, 2012, 04:34:59 PM »

    Hi

    Quote
    The only problem I seem to have is a computer running slowly and popups when, but is enough to make me feel that something is up.

    Can you describe the popups: when you get them, what they are, etc.?
    Logged

    Hamturk

    « Reply #8 on: April 16, 2012, 04:41:48 PM »

    Mostly they're just blank, or something with some random writing in it, but other times I'll get pop-ups relative to what I'm on and random ads.
    Logged
    melboy

    « Reply #9 on: April 16, 2012, 04:46:49 PM »

    Are you browsing at the time - is it specific to one browser or does it happen in any?
    Logged

    Hamturk

    « Reply #10 on: April 16, 2012, 04:49:49 PM »

    Yes. I'm browsing at the time and it happens on Firefox.
    Logged
    melboy

    « Reply #11 on: April 16, 2012, 05:02:56 PM »

    Only Firefox - not IE?
    Logged

    Hamturk

    « Reply #12 on: April 16, 2012, 05:07:35 PM »

    I don't use IE.

    I was just looking through Google just now and I saw some articles about an About:Blank virus. The blank pop-ups I get usually say About:Blank.
    Logged
    melboy

    « Reply #13 on: April 16, 2012, 05:10:39 PM »

    That particular malware hasn't been around for a while - it's not that.

    Do the popups happen when using Chrome?


    OTL

    Download OTL by Old Timer and save it to your Desktop.

    • Double click on OTL.exe to run it.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
    • Please post the contents of these 2 Notepad files in your next reply.
    Logged

    Hamturk

    « Reply #14 on: April 16, 2012, 05:14:34 PM »

    No, I've been using it to talk with you here and not had any popups.
    Logged