Topic: Trojan.Agent/Gen-FakeAV

lotodig
Trojan.Agent/Gen-FakeAV
« on: September 25, 2011, 07:29:16 PM »
I'm hoping someone will help me check and see if I was successful in getting rid of this trojan infection.

Your friend RavenCajun, over at the Gardenweb Forum, suggested that I come here and check with you about making sure the trojan is all gone.

Here's what I've done:

The infection was Trojan.Agent/Gen-FakeAV[InfoCard]. It showed up on a SUPERAntiSpyware scan that I ran when things went haywire in a hurry.

I also ran a Malwarebytes scan, an MSE scan, and an ESET Online scan. At one point I could not connect to the web, everything was completely frozen, and I had to do an unplug to shut down. When I rebooted I went into safe mode and was able to do the ESET scan. None of these scans showed anything. I'm not sure how I got it going again, but I did.

Everything seems to be OK, but if RC recommends something I usually pay attention.


GR@PH;<'S
Re: Trojan.Agent/Gen-FakeAV
« Reply #1 on: September 25, 2011, 09:17:48 PM »
lotodig,
We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Please advise the results of the on-line scan conducted. 
Then, should you still need additional help, please post the requested logs from Log Posting Instructions as a reply.

GR@PH;<'S   :Hammys pint:
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least.

lotodig
Re: Trojan.Agent/Gen-FakeAV
« Reply #2 on: September 25, 2011, 09:54:32 PM »
The result from the online ESET scan that I did was 0 viruses. I did the extended scan. Do you think I need to do the procedures that are in the Log Posting Instructions?

Thanks for your help

Corrine
Re: Trojan.Agent/Gen-FakeAV
« Reply #3 on: September 25, 2011, 10:10:37 PM »
Hi, lotodig.

You can skip the other steps if you wish, but unless I can review a log (either the DDS.scr logs or RSIT logs), I cannot advise you. 

(GW Thread:  http://ths.gardenweb.com/forums/load/comphelp/msg091227027438.html?7 )

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

lotodig
Re: Trojan.Agent/Gen-FakeAV
« Reply #4 on: September 25, 2011, 10:33:40 PM »
Here are the logs from the RSIT.

Logfile of random's system information tool 1.09 (written by random/random)
Run by gabe at 2011-09-25 17:26:39
Microsoft® Windows Vista™ Ultimate  Service Pack 2
System drive C: has 546 GB (78%) free of 701 GB
Total RAM: 4085 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:26:49 PM, on 09/25/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\EasyBloom\EasyBloom.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\incredimail\Bin\ImApp.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\firefox.exe
C:\Program Files (x86)\real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\incredimail\bin\IncMail.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\plugin-container.exe
C:\Users\gabe\AppData\Local\Amazon\Kindle For PC\application\KindleForPC.exe
C:\Program Files\trend micro\gabe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\IEPro\iepro.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\gabe\AppData\Roaming\Mozilla\Firefox\Profiles\6bic73zo.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.79.dll (file missing)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\IEPro\IEProRecorder.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files (x86)\incredimail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PlantSenseSysAgent] "C:\Program Files (x86)\EasyBloom\EasyBloom.exe"
O4 - Startup: FastStone Capture.lnk = C:\Program Files (x86)\FastStone Capture\FSCapture.exe
O4 - Global Startup: SanDisk Media Manager.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\incredimail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ShadowExplorer Service (sesvc) - www.shadowexplorer.com - C:\Program Files (x86)\ShadowExplorer\sesvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O24 - Desktop Component 0: (no name) - AD0FABD2-7EAE-40B8-8F44-6FCFE6C883CD

--
End of file - 12932 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
"C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"C:\Windows\ehome\ehtray.exe"
"C:\Program Files (x86)\EasyBloom\EasyBloom.exe"
"C:\hp\support\hpsysdrv.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE"
"C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
"C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
"C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" -expressboot
"C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe" /autorun
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe"
C:\Windows\ehome\ehmsas.exe -Embedding
"C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe"
taskeng.exe {065295C9-DDF9-4EA5-9F89-4A0869122F61}
taskeng.exe {240D92D2-5ADB-4C36-AADA-7EA305482532}
"C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe"
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
"c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Macrium\Reflect\ReflectService.exe"
"C:\Program Files (x86)\ShadowExplorer\sesvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-4f9a9e71-2ad4-4664-83f4-b407c169f49e -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-ecfda427-61fa-4996-97e7-d69ba83c184f -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-83fb468e-f0d2-4728-9914-449d5a9d7e79 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c15bb986-86ab-4abc-9bc9-74b7b5e0c045
"C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\incredimail\Bin\ImApp.exe" -Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
taskeng.exe {E47EBD42-9A15-4BE2-97F6-4C7BF0DFD027}
C:\Windows\system32\DllHost.exe /Processid:{A79DB36D-6218-48E6-9EC9-DCBA9A39BF00}
"C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\firefox.exe" http://ths.gardenweb.com/forums/comphelp/
"C:\Program Files (x86)\real\RealPlayer\update\realsched.exe" -restart
"C:\Program Files (x86)\incredimail\bin\IncMail.exe" /c
"C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\plugin-container.exe" --channel=10272.528ae780.455832304 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" - -omnijar C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\omni.jar 10272 \\.\pipe\gecko-crash-server-pipe.10272 plugin
"C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\plugin-container.exe" --channel=10272.54440280.152133597 "C:\Users\gabe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll" - -omnijar C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 1\omni.jar 10272 \\.\pipe\gecko-crash-server-pipe.10272 plugin
splwow64
"C:\Users\gabe\AppData\Local\Amazon\Kindle For PC\application\KindleForPC.exe" "C:\Users\gabe\Desktop\ALL PHOTO PROGAMS\06 15 2011\The Ranch at the Wolverine.prc"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe306_ Global\UsGthrCtrlFltPipeMssGthrPipe306 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Users\gabe\Desktop\RSITx64.exe"
"C:\Users\gabe\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\AutoSmartDefrag.job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\PCDRScheduledMaintenance.job
C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-183848497-3778990327-3186989207-1000.job
C:\Windows\tasks\SmartDefrag.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}]
LastPass Browser Helper Object - C:\Program Files (x86)\LastPass\LPBar64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll [2010-09-17 317496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-08-01 75656]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files (x86)\IEPro\iepro.dll [2010-06-02 777392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-06-01 386264]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-17 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}]
WOT Helper - C:\Program Files (x86)\WOT\WOT.dll [2008-09-15 1421984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - LastPass Toolbar - C:\Program Files (x86)\LastPass\LPBar64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files (x86)\WOT\WOT.dll [2008-09-15 1421984]
{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - FireShot - C:\Users\gabe\AppData\Roaming\Mozilla\Firefox\Profiles\6bic73zo.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.79.dll []
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files (x86)\IEPro\IEProRecorder.dll [2010-06-02 662736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-06-11 178712]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-21 1381208]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 2206280]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 154648]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 227352]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 202264]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files (x86)\incredimail\bin\IncMail.exe [2011-02-26 353736]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-22 39408]
"SUPERAntiSpyware"=C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-04 1809648]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"PlantSenseSysAgent"=C:\Program Files (x86)\EasyBloom\EasyBloom.exe [2010-03-24 996704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CalibrizeResume]
C:\Program Files (x86)\Calibrize\CalibrizeResume.exe [2007-11-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^gabe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hpqtra08.exe]
C:\Users\gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"VolPanel"=C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2007-04-17 184320]
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02 75008]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 81920]
"TkBellExe"=c:\program files (x86)\real\realplayer\Update\realsched.exe [2011-06-01 273544]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"SSBkgdUpdate"=C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984]
"IndexSearch"=C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [2007-10-11 46368]
"PPort11reminder"=C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"BrMfcWnd"=C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [2008-04-11 1085440]
"ControlCenter3"=C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [2007-12-21 86016]
"WinPatrol"=C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [2011-05-15 325512]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2011-08-31 449608]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SanDisk Media Manager.lnk -

C:\Users\gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
FastStone Capture.lnk - C:\Program Files (x86)\FastStone Capture\FSCapture.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 230400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\IEPro\MiniDM.exe"="C:\Program Files (x86)\IEPro\MiniDM.exe:*:Enabled:MiniDM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-09-25 17:26:40 ----D---- C:\Program Files\trend micro
2011-09-25 14:55:08 ----D---- C:\Users\gabe\AppData\Roaming\Unity
2011-09-23 15:31:01 ----A---- C:\Windows\ntbtlog.txt
2011-09-17 10:51:48 ----D---- C:\Users\gabe\AppData\Roaming\WinPatrol
2011-09-17 10:51:37 ----D---- C:\ProgramData\InstallMate
2011-09-17 10:51:37 ----D---- C:\Program Files (x86)\BillP Studios
2011-08-27 11:51:39 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-08-27 11:51:39 ----A---- C:\Windows\system32\tzres.dll

======List of files/folders modified in the last 1 month======

2011-09-25 17:26:49 ----D---- C:\Windows\Prefetch
2011-09-25 17:26:40 ----RD---- C:\Program Files
2011-09-25 17:26:23 ----D---- C:\Windows\temp
2011-09-25 13:50:20 ----D---- C:\Windows\Tasks
2011-09-25 13:50:11 ----D---- C:\ProgramData\Google Updater
2011-09-25 10:36:58 ----D---- C:\Windows\tracing
2011-09-24 20:03:15 ----SHD---- C:\System Volume Information
2011-09-24 15:00:48 ----D---- C:\Windows\SYSWOW64\drivers
2011-09-24 12:13:16 ----AD---- C:\ProgramData\TEMP
2011-09-24 12:09:51 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-23 19:24:00 ----D---- C:\Windows\System32
2011-09-23 19:24:00 ----D---- C:\Windows\inf
2011-09-23 19:24:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-09-23 15:31:01 ----D---- C:\Windows
2011-09-23 11:46:40 ----D---- C:\Windows\system32\Msdtc
2011-09-23 11:46:35 ----D---- C:\Windows\system32\wbem
2011-09-23 11:44:45 ----D---- C:\Windows\system32\config
2011-09-23 11:44:34 ----D---- C:\Windows\system32\Tasks
2011-09-23 11:44:34 ----D---- C:\Windows\system32\spool
2011-09-23 11:44:34 ----D---- C:\Windows\system32\catroot2
2011-09-23 11:44:32 ----D---- C:\Windows\registration
2011-09-23 11:44:29 ----D---- C:\ProgramData\Real
2011-09-18 17:44:42 ----SHD---- C:\Windows\Installer
2011-09-18 15:07:40 ----D---- C:\Users\gabe\AppData\Roaming\Adobe
2011-09-17 12:28:01 ----D---- C:\Windows\SysWOW64
2011-09-17 10:51:37 ----RD---- C:\Program Files (x86)
2011-09-17 10:51:37 ----D---- C:\ProgramData
2011-09-16 23:41:14 ----D---- C:\Program Files (x86)\SpywareBlaster
2011-09-15 09:20:57 ----D---- C:\Windows\winsxs
2011-09-15 09:12:40 ----D---- C:\Windows\system32\catroot
2011-09-15 09:11:49 ----D---- C:\Program Files\Windows Mail
2011-09-15 09:11:49 ----D---- C:\Program Files (x86)\Windows Mail
2011-09-14 23:14:03 ----D---- C:\Windows\Debug
2011-09-14 23:13:58 ----A---- C:\Windows\system32\mrt.exe
2011-09-12 18:51:47 ----D---- C:\Users\gabe\AppData\Roaming\Dropbox
2011-09-03 09:13:18 ----D---- C:\Windows\rescache
2011-09-01 23:42:14 ----D---- C:\Program Files (x86)\CCleaner
2011-08-27 11:53:09 ----D---- C:\Windows\SYSWOW64\en-US
2011-08-27 11:53:03 ----D---- C:\Windows\system32\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2009-04-11 160744]
R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2008-06-10 395800]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\Windows\system32\DRIVERS\BrSerIf.sys [2006-12-12 97280]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-02-26 10276352]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 15752]
R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64k.sys [2008-12-04 33160]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2009-09-02 221696]
R3 t3;Sound Blaster X-Fi Xtreme Audio (Vista); C:\Windows\system32\drivers\t3.sys [2008-10-17 630272]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 41984]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 108544]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 145408]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 42496]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 6144]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2009-10-27 30208]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 11008]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 7936]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-09-09 25888]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys [2007-04-03 1418112]
S3 PSMounter;Macrium Reflect Image Explorer Service; \??\C:\Windows\system32\drivers\psmounter.sys [2011-01-17 40600]
S3 rcmirror;rcmirror; C:\Windows\system32\DRIVERS\rcmirror.sys [2008-10-09 5120]
S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 usbser;EasyBloom Plant Sensor Driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 32768]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-04-11 36864]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 46592]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2007-05-22 311296]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-20 27648]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 27648]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-02 94208]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 27648]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-06-11 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-08-22 73728]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 ReflectService;Macrium Reflect Image Mounting Service; C:\Program Files\Macrium\Reflect\ReflectService.exe [2011-01-17 301720]
R2 sesvc;ShadowExplorer Service; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [2009-06-15 9728]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 27648]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
S2 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 27648]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 27648]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2008-01-20 27648]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-31 651720]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2008-03-28 165416]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 AutoSyncService;Memeo AutoSync ; C:\Program Files (x86)\Memeo\AutoSync\MemeoService.exe [2007-07-06 31768]

-----------------EOF-----------------

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: Trojan.Agent/Gen-FakeAV
« Reply #5 on: September 26, 2011, 02:25:14 AM »
Your log looks fine.  You can do the following if you wish for a bit of cleanup, but it isn't necessary:

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)


Click on Fix Checked when finished and exit HijackThis.

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
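To make explicit what the two HijackThis lines above encode, here is an added Python example (not from this thread and not HijackThis code) that parses entries in the log format shown and flags the ones whose target is "(no file)": a CLSID that is still registered although its DLL is gone, which is why such entries are safe cleanup. The third sample line and its path are constructed for contrast.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the two entries quoted in the post, plus one
# hypothetical healthy entry so the filter has something to keep.
SAMPLE_HJT_LINES = """\
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
"""

# HijackThis line shape: "O<n> - <kind>: <name> - {CLSID} - <file or (no file)>"
HJT_LINE = re.compile(
    r"^O(?P<section>\d+) - (?P<kind>[^:]+): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


@dataclass
class HjtEntry:
    section: int   # HijackThis section number (2 = BHO, 18 = protocol handler)
    kind: str
    name: str
    clsid: str
    target: str

    @property
    def orphaned(self) -> bool:
        # HijackThis prints "(no file)" when the registered DLL no longer exists on disk.
        return self.target.strip().lower() == "(no file)"


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse every line that matches the HijackThis O-section format; ignore the rest."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(HjtEntry(int(m["section"]), m["kind"],
                                    m["name"], m["clsid"], m["target"]))
    return entries


def orphaned_entries(text: str) -> List[HjtEntry]:
    """Entries whose CLSID registration survives but whose file is missing."""
    return [e for e in parse_hjt(text) if e.orphaned]


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_HJT_LINES):
        print(f"O{e.section} {e.kind}: {e.name} {e.clsid} -> orphaned, safe to fix")
```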

Offline lotodig

Re: Trojan.Agent/Gen-FakeAV
« Reply #6 on: September 26, 2011, 04:00:57 AM »
Thank you Corrine, I am relieved that all is ok.

Can you offer any suggestion about how I can find the missing Firefox add-on icons?  I lost them when my machine crashed with the virus.  I could maybe uninstall and then reinstall the ones I want and hope the icons will show up, but there is one that had some info that I would like to recover: it's the 'READ LATER' add-on. I have the little yellow arrow in the address bar that is clicked on to save a page, but the icon that has to be clicked on to bring up the list of saved pages/items is nowhere to be found.

Offline Corrine

Re: Trojan.Agent/Gen-FakeAV
« Reply #7 on: September 26, 2011, 02:12:50 PM »
Hi, lotodig.

As zep516 mentioned in your thread at GW, you are running an outdated version of Firefox:  Mozilla Firefox 4.0 Beta 1.  Not only that, unless you have a good backup, I do not recommend running beta software on your computer.  Firefox is on a fast-track update schedule, with the current version being 6.0.2 and version 7.0 scheduled for release this week. 

The first step to locate the missing icons is to right-click on the Firefox toolbar and select "Customize".  From there, you can add or remove items by dragging them to/from the toolbar.

In the event that does not work, the next step in trouble-shooting would be to open the Add-ons page and check for "options" for the missing icons.  There may be a setting there to add the icon.  If not, I suggest removing the damaged add-ons and reinstalling them.


Offline lotodig

Re: Trojan.Agent/Gen-FakeAV
« Reply #8 on: September 26, 2011, 03:39:05 PM »
Corrine, I will heed the advice from you and Zep and upgrade to FF 6. Guess I'll have to do the reinstall thing on the icons since I had tried all the other suggestions.

Again, thanks very much for your help.

Offline Corrine

Re: Trojan.Agent/Gen-FakeAV
« Reply #9 on: September 26, 2011, 04:40:10 PM »
You're welcome, lotodig. 
