Windows 7 forum

Question

How do I completely get rid of a trojan?

by sanfordgirl / November 2, 2011 5:02 AM PDT

I stupidly downloaded iMesh and my McAfee detected the trojan, but it doesn't detect it as a threat, which is so confusing because isn't McAfee supposed to be security software...? Anyway, I downloaded other software like Spybot, SUPERAntiSpyware, Emsisoft, AVG, Malwarebytes and all kinds of other ones, but they don't detect anything! I finally downloaded Trojan Remover 6.8.2 and it renamed the file or quarantined it or something, and I shredded those, but how am I sure that it's wiped off my PC? I shredded some files named imesh and idk what else, but I just want to make sure my computer is safe! Help!

All Answers

Answer
I like Grif's advice.
by R. Proffitt Forum moderator / November 2, 2011 5:11 AM PDT

If the titles Grif notes at 7726-6132_102-5098912.html?tag=posts;msg5099421 come up clean then I'll say it's gone.

The problem with imesh isn't so much the app (unless it's infected) but the content it transfers.

For now my only added advice is to uninstall SPYBOT. And if you installed both McAfee and AVG, I suggest you pick one, then uninstall both and install the one.
Bob

Answer
For the most part
by Jimmy Greystone / November 2, 2011 10:45 AM PDT

For the most part you can't, short of formatting. You may be able to get rid of the trojan itself, but until you format you don't know for certain whether or not it installed any secondary infections on your system. Then any of THOSE could have installed tertiary infections, and so on.

Answer
Kaspersky Rescue Disk 10
by KenHusveg / November 2, 2011 11:14 AM PDT
Answer
Did McAfee detect it as Artemis! ??
by Carol~ Forum moderator / November 3, 2011 9:23 AM PDT

IF so, it would be (extremely) important to know.

imesh trojan
by sanfordgirl / November 3, 2011 5:33 PM PDT

No, it just shows it on the scan report as a trojan without any other specifics, but I can't remove it or anything... I don't know what to do... I used Trojan Remover 6.8.2, but even after a bunch of scans and System Restore and shredding of all its iMesh files it still shows its media bar on my Firefox toolbar options... I've used spyware, Malwarebytes, Emsisoft, SUPERAntiSpyware and AVG after my McAfee... and it's still there.

To remove it..
by Carol~ Forum moderator / November 4, 2011 6:12 AM PDT
In reply to: imesh trojan

sanfordgirl..

Did you first go to "Programs and Features" and try to uninstall it from there? If not, you may find it listed as Imesh and/or MediaBar.

If it remains after a reboot, I would highly recommend trying the Revo Uninstaller (free). Again, it may be listed as Imesh, MediaBar or possibly Media Search. You shouldn't have a problem removing it with Revo.

IF the Revo Uninstaller fails to remove it in its entirety, launch FF and go to Tools>Add-ons. Select Extensions and look for it there. If you see "DataMngr" listed, remove that too.

I don't know how you have FF set up, but if you have a search box on the top (right), click on the little down arrow and choose "Manage Search Engines". If Imesh/MediaBar/Web Search are on the list, highlight it and select remove.

If after trying the above, you still haven't had any luck, please post back and let us know. There are other things you can try.

Best of luck..
Carol
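
A read-only way to confirm whether anything from the names listed in the reply above is still registered after the uninstall steps, as an added example that is not part of the original thread. The name fragments come from the post; the substring matching, the function names and the choice of locations to check are assumptions of this example.

```powershell
# Added example, not from the thread. Read-only: it lists leftovers and deletes nothing.
# The name fragments are the ones mentioned in the reply. Substring matching is an
# assumption of this example and can hit unrelated software, so review every result.
# "Web Search" from the reply is left out on purpose because it is too generic to match on.
$names   = 'imesh', 'mediabar', 'media search', 'datamngr'
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

function New-Hit($source, $name, $detail) {
    New-Object PSObject -Property @{ Source = $source; Name = $name; Detail = $detail }
}

function Find-UninstallEntry {
    # "Programs and Features" is built from these keys (64-bit, 32-bit and per-user views).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    foreach ($key in $keys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -match $pattern } |
            ForEach-Object { New-Hit 'Uninstall' $_.DisplayName $_.UninstallString }
    }
}

function Find-RunEntry {
    # Programs started at logon; a leftover here means something still launches.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            if ("$valueName $data" -match $pattern) {
                New-Hit "Run ($key)" $valueName $data
            }
        }
    }
}

function Find-FirefoxLeftover {
    # Files and folders inside the Firefox profiles whose names contain one of the fragments.
    # Extension folders are usually named by ID, so an empty result here does not
    # replace the Tools > Add-ons check described in the reply.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return }
    Get-ChildItem -Path $profiles -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object { New-Hit 'Firefox profile' $_.Name $_.FullName }
}

$hits = @(Find-UninstallEntry) + @(Find-RunEntry) + @(Find-FirefoxLeftover)
if ($hits.Count -eq 0) {
    'No entries matching the listed names were found.'
} else {
    $hits | Select-Object Source, Name, Detail | Format-List
}
```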

trojan log file
by sanfordgirl / November 4, 2011 8:06 AM PDT
In reply to: To remove it..

I ran Trojan Remover 6.8.2 and this is the log

-----************************************************************1:21:24 AM: Scanning ------ COMMON STARTUP GROUP ------[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]The Common Startup Group attempts to load the following file(s) at boot time:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini-HS- 404 bytesCreated: 7/13/2009 9:54 PMModified: 4/30/2011 3:03 AMCompany: [no info]--------------------Philips GoGear VIBE Device Manager.lnk - links to C:\Philips\GOGEAR~1\GOGEAR~1.EXEC:\Philips\GOGEAR~1\GOGEAR~1.EXE1701224 bytesCreated: 12/25/2010 2:48 AMModified: 12/3/2009 12:05 PMCompany: Philips--------------------************************************************************1:21:25 AM: Scanning ----- USER STARTUP GROUPS -----Checking Startup Group for: Andrew[C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini-HS- 174 bytesCreated: 12/2/2010 2:57 PMModified: 7/13/2011 9:59 PMCompany: [no info]------------------------------Checking Startup Group for: Guest[C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini-HS- 174 bytesCreated: 3/20/2011 9:20 AMModified: 3/20/2011 9:21 AMCompany: [no info]------------------------------Checking Startup Group for: Maria[C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini-HS- 174 bytesCreated: 12/3/2010 12:25 AMModified: 7/13/2011 2:39 AMCompany: [no info]------------------------------Checking Startup Group for: Massacre[C:\Users\Massacre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]C:\Users\Massacre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini-HS- 174 bytesCreated: 3/21/2011 3:06 PMModified: 7/25/2011 7:47 PMCompany: [no 
info]------------------------------************************************************************1:21:25 AM: Scanning ----- SCHEDULED TASKS -----Taskname: {031C0273-BFAC-49D3-9BDA-2F3A69A4EF29}File: C:\Windows\system32\pcalua.exe - globally excludedParameters: -a E:\iPodSetup.exe -d E:\----------Taskname: {2E01A900-B025-471C-979B-351CBC50BCCE}File: C:\Windows\system32\pcalua.exe - globally excludedParameters: -a E:\kodak\Setup.exe -d E:\kodak----------Taskname: {5AC20180-BA14-48FB-8E71-9C01D3CC7B9E}File: C:\Windows\system32\pcalua.exe - globally excludedParameters: -a F:\VZAccess_Manager.exe -d F:\ -c /z detect----------Taskname: {EFE851AE-204D-47FB-AD95-0B5B17E1A000}File: C:\Windows\system32\pcalua.exe - globally excludedParameters: -a F:\Plugins\Rob.Papen.Blue.VSTi.v1.01-h2O\setup.exe -d F:\Plugins\Rob.Papen.Blue.VSTi.v1.01-h2O----------Taskname: CLMLSvcFile: c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exec:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe210216 bytesCreated: 10/22/2009 6:50 PMModified: 10/22/2009 6:50 PMCompany: CyberLinkSchedule: At logonNext Run Time: Status: RunningCreator: CyberLinkComments: ----------Taskname: DVDAgentFile: c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exeSchedule: At logonNext Run Time: Status: ReadyCreator: CyberLinkComments: c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe - [file not found to scan]----------Taskname: ExtendedServicePlanFile: C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exeC:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe26680 bytesCreated: 4/14/2010 10:41 AMModified: 10/20/2009 2:58 AMCompany: Parameters: ExtendedServicePlan ShowMessageTaskSchedule: At 12:00:00 AM on 11/2/2011Next Run Time: Status: ReadyCreator: Comments: ----------Taskname: GoogleUpdateTaskMachineCoreFile: C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exe136176 
bytesCreated: 3/28/2011 12:46 AMModified: 3/28/2011 12:46 AMCompany: Google Inc.Parameters: /cSchedule: Multiple schedule timesNext Run Time: 11/3/2011 7:16:00 PMStatus: ReadyCreator: MariaComments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.----------Taskname: GoogleUpdateTaskMachineUAFile: C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exe136176 bytesCreated: 3/28/2011 12:46 AMModified: 3/28/2011 12:46 AMCompany: Google Inc.Parameters: /ua /installsource schedulerSchedule: At 7:16:00 PM every dayNext Run Time: 11/3/2011 2:16:00 AMStatus: ReadyCreator: MariaComments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. 
This task uninstalls itself when there is no Google software using it.----------Taskname: HPCeeScheduleForAndrewFile: C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exeC:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe91704 bytesCreated: 10/7/2009 4:22 AMModified: 10/7/2009 4:22 AMCompany: Hewlett-PackardParameters: HPCeeScheduleForAndrew (null)Schedule: At 9:26:00 PM on 11/8/2011Next Run Time: 12/8/2011 9:26:00 PMStatus: ReadyCreator: AndrewComments: ----------Taskname: HPCeeScheduleForMariaFile: C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exeC:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe91704 bytesCreated: 10/7/2009 4:22 AMModified: 10/7/2009 4:22 AMCompany: Hewlett-PackardParameters: HPCeeScheduleForMaria (null)Schedule: At 10:05:00 PM on 12/2/2011Next Run Time: 1/1/2012 10:05:00 PMStatus: ReadyCreator: MariaComments: ----------Taskname: HPCeeScheduleForMassacreFile: C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exeC:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe91704 bytesCreated: 10/7/2009 4:22 AMModified: 10/7/2009 4:22 AMCompany: Hewlett-PackardParameters: HPCeeScheduleForMassacre (null)Schedule: At 10:26:00 PM on 11/15/2011Next Run Time: 12/15/2011 10:26:00 PMStatus: ReadyCreator: MassacreComments: ----------Taskname: HPCustParticipation HP Deskjet 3050 J610 seriesFile: C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exeC:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe3689320 bytesCreated: 6/14/2010 4:28 PMModified: 6/14/2010 4:28 PMCompany: Hewlett-Packard Co.Parameters: /UA 9.0 /DDV 0x0805Schedule: At 10:32:00 PM on 2/14/2011Next Run Time: 11/3/2011 1:32:00 AMStatus: ReadyCreator: AndrewComments: ----------Taskname: PCDRScheduledMaintenanceFile: C:\Program Files\PC-Doctor for Windows\pcdrcui.exeC:\Program Files\PC-Doctor for Windows\pcdrcui.exe147440 bytesCreated: 9/18/2009 12:11 AMModified: 9/18/2009 12:11 AMCompany: PC-Doctor, Inc.Parameters: -fh 
scripts\monthly.xml -st PCDRScheduledMaintenanceSchedule: Multiple schedule timesNext Run Time: 2/28/2012 10:00:00 AMStatus: ReadyCreator: PC-DoctorComments: ----------Taskname: RecoveryCDWin7File: C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exeC:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe26680 bytesCreated: 4/14/2010 10:41 AMModified: 10/20/2009 2:58 AMCompany: Parameters: RecoveryCDWin7 ShowMessageTaskSchedule: At 12:00:00 AM every 14 daysNext Run Time: Status: ReadyCreator: Comments: ----------Taskname: RegistrationFile: C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exeC:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe26680 bytesCreated: 4/14/2010 10:41 AMModified: 10/20/2009 2:58 AMCompany: Parameters: Registration ShowMessageTask2DSchedule: At 12:00:00 AM on 12/12/2010Next Run Time: Status: ReadyCreator: Comments: ----------Taskname: ServicePlanFile: C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exeC:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe26680 bytesCreated: 4/14/2010 10:41 AMModified: 10/20/2009 2:58 AMCompany: Parameters: ServicePlan ShowMessageTask15DSchedule: At 12:00:00 AM on 12/17/2010Next Run Time: Status: ReadyCreator: Comments: ----------Taskname: User_Feed_Synchronization-{5BD17DF4-82B8-45F6-A0CF-E43CD51754B2}File: C:\Windows\Sysnative\msfeedssync.exeC:\Windows\Sysnative\msfeedssync.exe10752 bytesCreated: 7/13/2011 1:48 AMModified: 7/13/2011 1:48 AMCompany: Microsoft CorporationParameters: syncSchedule: At 2:24:50 AM every dayNext Run Time: 11/3/2011 7:24:50 PMStatus: ReadyCreator: Andrew-PC\MariaComments: Updates out-of-date system feeds.----------************************************************************1:21:28 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----Key: SharingPrivateCLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235}File: %SystemRoot%\system32\ntshrui.dllC:\Windows\Sysnative\ntshrui.dll509952 bytesCreated: 7/7/2011 7:03 PMModified: 11/20/2010 6:27 
AMCompany: Microsoft Corporation----------************************************************************1:21:28 AM: Scanning ----- DEVICE DRIVER ENTRIES -----Value: msacm.l3acmFile: C:\Windows\SysWOW64\l3codeca.acmC:\Windows\SysWOW64\l3codeca.acm64000 bytesCreated: 7/13/2009 5:07 PMModified: 7/13/2009 6:14 PMCompany: Fraunhofer Institut Integrierte Schaltungen IIS----------Value: msacm.l3codecpFile: l3codecp.acmC:\Windows\system32\l3codecp.acm220672 bytesCreated: 7/13/2009 5:09 PMModified: 7/13/2009 6:14 PMCompany: Fraunhofer Institut Integrierte Schaltungen IIS----------Value: msacm.vorbisFile: vorbis.acmC:\Windows\system32\vorbis.acm1294336 bytesCreated: 12/3/2010 12:48 AMModified: 7/8/2002 12:14 AMCompany: HMS http://hp.vector.co.jp/authors/VA012897/----------Value: VIDC.FFDSFile: ff_vfw.dllC:\Windows\system32\ff_vfw.dll57344 bytesCreated: 3/20/2011 11:57 PMModified: 12/17/2008 7:22 PMCompany: [no info]----------Value: vidc.xvidFile: xvid.dllC:\Windows\system32\xvid.dll602112 bytesCreated: 6/22/2010 5:30 AMModified: 6/22/2010 5:30 AMCompany: [no info]----------************************************************************1:21:31 AM: ----- ADDITIONAL CHECKS -----Heuristic checks for hidden files/drivers completed----------Layered Service Provider entries checks completed----------Windows Explorer Policies checks completed----------Desktop Wallpaper: C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgC:\Users\Maria\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg312651 bytesCreated: 5/25/2011 2:56 AMModified: 10/29/2011 3:00 AMCompany: [no info]----------Web Desktop Wallpaper entry is blank----------Checks for rogue DNS NameServers completed----------Additional checks completed************************************************************1:21:31 AM: Scanning ----- RUNNING PROCESSES -----C:\Windows\SysWOW64\rundll32.exe44544 bytesCreated: 7/13/2009 4:41 PMModified: 7/13/2009 6:14 PMCompany: Microsoft 
Corporation--------------------C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe656896 bytesCreated: 8/24/2009 7:11 PMModified: 8/24/2009 7:11 PMCompany: Hewlett-Packard--------------------C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac309824 bytesCreated: 12/26/2010 3:53 PMModified: 8/25/2010 11:27 AMCompany: ArcSoft Inc.--------------------C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exeFileSize: 4740016[This is a Trojan Remover component]----------------------------------------************************************************************1:21:31 AM: Checking HOSTS fileNo malicious entries were found in the HOSTS file************************************************************------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":http://g.msn.com/HPDSK/1HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":C:\Windows\SysWOW64\blank.htmHKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":http://go.microsoft.com/fwlink/?LinkId=54896HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":http://g.msn.com/HPDSK/1HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":http://go.microsoft.com/fwlink/?LinkId=54896HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":http://yahoo.com/HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":C:\Windows\system32\blank.htmHKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":http://go.microsoft.com/fwlink/?LinkId=54896HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":http://www.msn.com/?ocid=OIE9HP************************************************************=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===Scan completed at: 1:21:32 AM 03 Nov 2011Total Scan time: 00:01:07***************************************************************** THE SYSTEM HAS BEEN RESTARTED *****11/3/2011 12:14:48 AM: Trojan Remover has been 
restarted=======================================================Removing the following registry keys:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0} - already removed (or did not exist)HKCR\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0} - already removed (or did not exist)=======================================================Unable to rename C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll to C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll.vir(C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll does not appear to exist)11/3/2011 12:14:48 AM: Trojan Remover closed***************************************************************** NORMAL SCAN FOR ACTIVE MALWARE *****Trojan Remover Ver 6.8.2.2600. For information, email support@simplysup.com[Unregistered version]Scan started at: 12:10:02 AM 03 Nov 2011Using Database v7749Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601]File System: NTFSUAC is ENABLED [default level]UserData directory: C:\Users\Maria\AppData\Roaming\Simply Super Software\Trojan Remover\Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\Logfile directory: C:\Users\Maria\Documents\Simply Super Software\Trojan Remover Logfiles\Program directory: C:\Program Files (x86)\Trojan Remover\Running with Administrator privileges************************************************************The regfile\shell\open\command Registry Key appears to have been modified.The current Registry entry is: "regedit.exe" "%1".This entry calls the following file:C:\Windows\system32\regedit.exeTrojan Remover has restored the Registry regfile\shell\open key.--------------------************************************************************12:10:12 AM: ----- SCANNING FOR ROOTKIT SERVICES -----No hidden Services were detected.************************************************************12:10:14 AM: Scanning -----WINDOWS 
REGISTRY-------------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon--------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogonThis key's "Shell" value calls the following program(s):Key value: [explorer.exe]File: explorer.exeC:\Windows\system32\explorer.exe2616320 bytesCreated: 4/26/2011 2:39 PMModified: 2/24/2011 10:30 PMCompany: Microsoft Corporation----------This key's "Userinit" value calls the following program(s):Key value: [userinit.exe]File: userinit.exeC:\Windows\system32\userinit.exe26624 bytesCreated: 7/7/2011 7:02 PMModified: 11/20/2010 5:17 AMCompany: Microsoft Corporation------------------------------Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows--------------------Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows--------------------Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunValue Name: hpsysdrvValue Data: c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exec:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe62768 bytesCreated: 11/20/2008 10:47 AMModified: 11/20/2008 10:47 AMCompany: Hewlett-Packard--------------------Value Name: HP Remote SolutionValue Data: %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exeC:\Program Files\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe - [file not found to scan]--------------------Value Name: NortonOnlineBackupReminderValue Data: "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDEDC:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe600936 bytesCreated: 6/29/2009 2:01 PMModified: 6/29/2009 2:01 PMCompany: Symantec Corporation--------------------Value Name: ArcSoft Connection ServiceValue Data: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exeC:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe207360 bytesCreated: 12/26/2010 
3:53 PMModified: 3/18/2010 11:19 AMCompany: ArcSoft Inc.--------------------Value Name: mcui_exeValue Data: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyC:\Program Files\McAfee.com\Agent\mcagent.exe1674896 bytesCreated: 11/2/2011 10:05 PMModified: 9/16/2011 6:38 PMCompany: McAfee, Inc.--------------------Value Name: HP Software UpdateValue Data: C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exeC:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe49208 bytesCreated: 3/12/2010 1:08 PMModified: 3/12/2010 1:08 PMCompany: Hewlett-Packard--------------------Value Name: Value Data: Blank entry: []--------------------Value Name: QuickTime TaskValue Data: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeC:\Program Files (x86)\QuickTime\QTTask.exe421888 bytesCreated: 11/29/2010 5:38 PMModified: 11/29/2010 5:38 PMCompany: Apple Inc.--------------------Value Name: iTunesHelperValue Data: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"C:\Program Files (x86)\iTunes\iTunesHelper.exe421160 bytesCreated: 4/27/2011 1:22 AMModified: 4/27/2011 1:22 AMCompany: Apple Inc.--------------------Value Name: Adobe ARMValue Data: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe937920 bytesCreated: 6/6/2011 12:55 PMModified: 6/6/2011 12:55 PMCompany: Adobe Systems Incorporated--------------------Value Name: SunJavaUpdateSchedValue Data: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe254696 bytesCreated: 6/9/2011 1:06 PMModified: 6/9/2011 1:06 PMCompany: Sun Microsystems, Inc.--------------------Value Name: TrojanScannerValue Data: C:\Program Files (x86)\Trojan Remover\Trjscan.exe /bootC:\Program Files (x86)\Trojan Remover\Trjscan.exe1233856 bytesCreated: 11/3/2011 12:08 AMModified: 5/18/2011 6:32 PMCompany: Simply Super Software--------------------Checking 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceThis Registry Key appears to be empty--------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunThis Registry Key appears to be empty--------------------Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceThis Registry Key appears to be empty************************************************************12:10:23 AM: Scanning -----SHELLEXECUTEHOOKS-----ShellExecuteHooks key is empty************************************************************12:10:23 AM: Scanning -----HIDDEN REGISTRY ENTRIES-----Taskdir check completed----------No Hidden File-loading Registry Entries found----------************************************************************12:10:23 AM: Scanning -----ACTIVE SCREENSAVER-----ScreenSaver: C:\Windows\system32\scrnsave.scrC:\Windows\Sysnative\scrnsave.scr11264 bytesCreated: 7/13/2009 4:56 PMModified: 7/13/2009 6:38 PMCompany: Microsoft Corporation--------------------************************************************************12:10:23 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----Key: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}Path: %SystemRoot%\system32\unregmp2.exe /ShowWMPC:\Windows\Sysnative\unregmp2.exe323584 bytesCreated: 7/13/2009 5:23 PMModified: 7/13/2009 6:39 PMCompany: Microsoft Corporation----------Key: >{26923b43-4d38-484f-9b9e-de460746276c}Path: C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfigC:\Windows\SysWOW64\ie4uinit.exe74240 bytesCreated: 7/13/2011 1:48 AMModified: 7/13/2011 1:48 AMCompany: Microsoft Corporation----------Key: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}Path: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dllC:\Windows\Sysnative\themeui.dll2851840 bytesCreated: 7/7/2011 7:03 PMModified: 11/20/2010 6:27 AMCompany: Microsoft Corporation----------Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}Path: "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOEC:\Program Files (x86)\Windows 
Mail\WinMail.exeKey: {6BF52A52-394A-11d3-B153-00C04F79FAA6}Path: %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUIC:\Windows\Sysnative\unregmp2.exe323584 bytesCreated: 7/13/2009 5:23 PMModified: 7/13/2009 6:39 PMCompany: Microsoft Corporation----------Key: {89820200-ECBD-11cf-8B85-00AA005B4383}Path: C:\Windows\SysWOW64\ie4uinit.exe -BaseSettingsC:\Windows\SysWOW64\ie4uinit.exe74240 bytesCreated: 7/13/2011 1:48 AMModified: 7/13/2011 1:48 AMCompany: Microsoft Corporation----------Key: {89B4C1CD-B018-4511-B0A1-5476DBF70820}Path: C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,InstallC:\Windows\SysWOW64\mscories.dll80720 bytesCreated: 7/7/2011 7:02 PMModified: 11/4/2010 6:58 PMCompany: Microsoft Corporation----------************************************************************12:10:25 AM: Scanning ----- SERVICEDLL REGISTRY KEYS -----************************************************************12:10:29 AM: Scanning ----- SERVICES REGISTRY KEYS -----Key: 0194101320297017mcinstcleanupImagePath: C:\Windows\TEMP\019410~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -serviceC:\Windows\TEMP\019410~1.EXE822104 bytesCreated: 11/2/2011 10:10 PMModified: 1/26/2011 11:30 AMCompany: McAfee, Inc.----------Key: ACDaemonImagePath: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exeC:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe113152 bytesCreated: 12/26/2010 3:53 PMModified: 3/18/2010 11:19 AMCompany: ArcSoft Inc.----------Key: AdobeARMserviceImagePath: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe64952 bytesCreated: 6/6/2011 12:55 PMModified: 6/6/2011 12:55 PMCompany: Adobe Systems Incorporated----------Key: amdsataImagePath: \SystemRoot\system32\drivers\amdsata.sysC:\Windows\Sysnative\drivers\amdsata.sys107904 bytesCreated: 4/26/2011 2:39 PMModified: 3/10/2011 11:41 PMCompany: 
Advanced Micro Devices----------Key: amdxataImagePath: system32\drivers\amdxata.sysC:\Windows\Sysnative\drivers\amdxata.sys27008 bytesCreated: 4/26/2011 2:39 PMModified: 3/10/2011 11:41 PMCompany: Advanced Micro Devices----------Key: Apple Mobile DeviceImagePath: "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe37664 bytesCreated: 2/18/2011 4:37 PMModified: 2/18/2011 4:37 PMCompany: Apple Inc.----------Key: atapiImagePath: \SystemRoot\system32\drivers\atapi.sysC:\Windows\Sysnative\drivers\atapi.sys24128 bytesCreated: 7/13/2009 4:19 PMModified: 7/13/2009 6:52 PMCompany: Microsoft Corporation----------Key: b06bdrvImagePath: \SystemRoot\system32\DRIVERS\bxvbda.sysC:\Windows\Sysnative\DRIVERS\bxvbda.sys468480 bytesCreated: 6/10/2009 1:34 PMModified: 6/10/2009 1:34 PMCompany: Broadcom Corporation----------Key: b57nd60aImagePath: system32\DRIVERS\b57nd60a.sysC:\Windows\Sysnative\DRIVERS\b57nd60a.sys270848 bytesCreated: 6/10/2009 1:34 PMModified: 6/10/2009 1:34 PMCompany: Broadcom Corporation----------Key: Bonjour ServiceImagePath: "C:\Program Files (x86)\Bonjour\mDNSResponder.exe"C:\Program Files (x86)\Bonjour\mDNSResponder.exe349472 bytesCreated: 4/6/2011 4:20 PMModified: 4/6/2011 4:20 PMCompany: Apple Inc.----------Key: BVRPMPR5a64ImagePath: \??\C:\Windows\system32\drivers\BVRPMPR5a64.SYSC:\Windows\Sysnative\drivers\BVRPMPR5a64.SYS-R- 35840 bytesCreated: 3/20/2011 2:50 PMModified: 6/21/2010 7:51 PMCompany: Avanquest Software----------Key: cfwidsImagePath: system32\drivers\cfwids.sysC:\Windows\Sysnative\drivers\cfwids.sys65128 bytesCreated: 2/4/2011 11:18 PMModified: 8/15/2011 10:00 AMCompany: McAfee, Inc.----------Key: clr_optimization_v2.0.50727_64ImagePath: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe89920 bytesCreated: 7/13/2009 1:37 PMModified: 6/10/2009 
1:39 PMCompany: Microsoft Corporation----------Key: clr_optimization_v4.0.30319_32ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe130384 bytesCreated: 3/18/2010 1:16 PMModified: 3/18/2010 1:16 PMCompany: Microsoft Corporation----------Key: clr_optimization_v4.0.30319_64ImagePath: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe138576 bytesCreated: 3/18/2010 2:27 PMModified: 3/18/2010 2:27 PMCompany: Microsoft Corporation----------Key: CompositeBusImagePath: \SystemRoot\system32\drivers\CompositeBus.sysC:\Windows\Sysnative\drivers\CompositeBus.sys38912 bytesCreated: 7/7/2011 6:59 PMModified: 11/20/2010 3:33 AMCompany: Microsoft Corporation----------Key: cvhsvcImagePath: "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE821664 bytesCreated: 10/20/2010 3:23 PMModified: 10/20/2010 3:23 PMCompany: Microsoft Corporation----------Key: ebdrvImagePath: \SystemRoot\system32\DRIVERS\evbda.sysC:\Windows\Sysnative\DRIVERS\evbda.sys3286016 bytesCreated: 6/10/2009 1:34 PMModified: 6/10/2009 1:34 PMCompany: Broadcom Corporation----------Key: FontCache3.0.0.0ImagePath: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe42856 bytesCreated: 7/7/2011 7:02 PMModified: 11/4/2010 6:53 PMCompany: Microsoft Corporation----------Key: fssfltrImagePath: system32\DRIVERS\fssfltr.sysC:\Windows\Sysnative\DRIVERS\fssfltr.sys48488 bytesCreated: 3/30/2011 2:54 AMModified: 9/23/2010 12:36 AMCompany: Microsoft Corporation----------Key: fsssvcImagePath: "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe1493352 bytesCreated: 9/23/2010 12:21 AMModified: 9/23/2010 12:21 

i tried all of that
by sanfordgirl / November 4, 2011 3:05 PM PDT
In reply to: To remove it..

but my McAfee still detects a trojan but it doesn't specify anything else.

Your log file..
by Carol~ Forum moderator / November 5, 2011 5:55 AM PDT
In reply to: i tried all of that

As a start...

Unless my browser perceives it differently than yours, do you see what the log looks like in your post? My browser makes it impossible to read. The only way I know to explain it is, it looks like "a bunch of run on sentences" or "a jumble of words". How about you?

You wrote, "I tried all of that". You installed the Revo Uninstaller? And you also looked at the areas I suggested? And nowhere did you find where Imesh/MediaBar/Web Search existed? Did a folder for it exist in your Program Files? Have you (first) tried shutting down any Imesh-related processes in the Task Manager?

You wrote in your original post: "my mcaffee detected the trojan but it doesnt detect it as a threat". Could it be detecting it as a PUP (Potentially Unwanted Program)? Would you mind explaining it in a bit more detail?

In this last and most recent post, you indicate McAfee still detects a trojan but it doesn't specify anything else. Does it indicate WHERE the trojan was found? Such as a "path".

Try scanning with ESET's Online Scanner - Their FAQ and Help sections should answer any questions you might have. You will need to temporarily disable McAfee or AVG, prior to running the scan. I DO hope you uninstalled one of the two, as Bob suggested.

Am I correct in assuming, your overall concern is with making sure Imesh is eradicated from your system?

We generally don't analyze HijackThis logs here, but if you wish to post one, we can take a peek, to see if we find anything related to Imesh listed within. Otherwise, there IS a program which will recognize Imesh and get rid of it. We don't recommend its use, without the assistance of a trained helper, due to all the warnings associated with it. If you wish to make use of it, you will find a list of forums on the left-hand side of this page. A trained helper will no doubt recommend it, and walk you through the removal process.

Sorry for more questions than answers. My confusion compels me to ask.
Carol
