Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Search gala redirect from google

Started by mdjr , May 15 2012 09:32 AM

This topic is locked

18 replies to this topic

#1 mdjr

Member

Members
26 posts

Posted 15 May 2012 - 09:32 AM

Mod EDit: moved from AII to Virus, Trojan, Spyware, and Malware Removal Logs. Note TDSS was run ,noyhing found
.~~ boopme

using google from toolbar redirects to search-gala.com. However, I can use google without difficulty from google.com.

Adaware, Malwarebytes, and SuperAntispyware do not solve the issue. There is no result in searching for files/folders for search gala.

thanks in advance for your help.

jr

Here is the DDS log:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by James at 10:09:48 on 2012-05-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.557 [GMT -5:00]
.
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\HLEBLFVB\Defogger[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SpyHunter Security Suite] "c:\program files\enigma software group\spyhunter\SpyHunter4.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\newsfl~1.lnk - c:\program files\common files\mysoftware\Newsflsh.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: avanquest.com\shop
Trusted Zone: womansonline.com\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www2.snapfish.com/SnapfishActivia2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.38.33/ttinst.cab
DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.99
TCP: Interfaces\{1AF3B3D1-174F-4476-988A-3084B5FA4446} : DhcpNameServer = 192.168.0.99
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 atitray;atitray;c:\progra~1\ngoati~1.4\att\atitray.sys [2005-3-21 6656]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-2 332248]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-5-14 101112]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-2 212568]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-6-19 10448]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2006-9-6 70016]
R2 PACS Client Updater;PACS Client Updater;c:\program files\agfa\impax client\Agfa.Client.Updater.Service.exe [2008-12-22 24576]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-1-18 737184]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-3-18 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-3-18 10448]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-2 69208]
RUnknown szkg5;szkg5; [x]
RUnknown szkgfs;szkgfs; [x]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 iniNpfs;iniNpfs;\??\c:\windows\system32\drivers\cdfltmgr.sys --> c:\windows\system32\drivers\cdfltmgr.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\asushwio.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\james\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\james\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2008-3-7 96256]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-2 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-2 94040]
S3 SDVC05;USB SDVC05;c:\windows\system32\drivers\SDVC05.sys [2006-1-2 18088]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-4-27 278384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [2005-4-27 176256]
S4 HGKSM;HGKSM;c:\docume~1\james\locals~1\temp\hgksm.exe --> c:\docume~1\james\locals~1\temp\HGKSM.exe [?]
S4 TUA;TUA;c:\docume~1\james\locals~1\temp\tua.exe --> c:\docume~1\james\locals~1\temp\TUA.exe [?]
S4 WZASZYMY;WZASZYMY;c:\docume~1\james\locals~1\temp\wzaszymy.exe --> c:\docume~1\james\locals~1\temp\WZASZYMY.exe [?]
UnknownUnknown is3srv;is3srv; [x]
.
=============== Created Last 30 ================
.
2012-05-15 14:41:13 -------- d-----w- c:\documents and settings\james\application data\CompuClever
2012-05-15 14:41:13 -------- d-----w- c:\documents and settings\all users\application data\CompuClever
2012-05-15 14:41:12 -------- d-----w- c:\program files\CompuClever
2012-05-15 02:30:39 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-05-15 02:30:39 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-05-14 03:51:41 110080 ----a-r- c:\documents and settings\james\application data\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconF7A21AF7.exe
2012-05-14 03:51:41 110080 ----a-r- c:\documents and settings\james\application data\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconD7F16134.exe
2012-05-14 03:51:41 110080 ----a-r- c:\documents and settings\james\application data\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconCF33A0CE.exe
2012-05-14 03:51:37 -------- d-----w- C:\sh4ldr
2012-05-14 03:51:37 -------- d-----w- c:\program files\Enigma Software Group
2012-05-14 02:32:52 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-05-14 02:32:47 -------- d-----w- c:\program files\common files\Wise Installation Wizard
.
==================== Find3M ====================
.
2012-04-11 13:12:06 1862272 ------w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 01:40:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-01 01:40:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-25 15:47:38 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-15 17:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 17:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2006-09-28 21:55:44 74520 ----a-w- c:\program files\DSETUP.dll
2006-09-28 21:55:44 484632 ----a-w- c:\program files\DXSETUP.exe
2006-09-28 21:55:44 2248984 ----a-w- c:\program files\dsetup32.dll
2005-09-12 22:56:06 774144 ----a-w- c:\program files\RngInterstitial.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys pciide.sys PCIIDEX.SYS
c:\windows\system32\drivers\prosync1.sys Protection Technology StarForce Protection System
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A6FAAB8]
3 CLASSPNP[0xF7667FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000008c[0x8A747500]
5 ACPI[0xF74E0620] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A71C998]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
.
============= FINISH: 10:10:52.90 ===============

Edited by boopme, 16 May 2012 - 09:21 AM.

BC Ads
BleepingComputer.com

#2 gringo_pr

Bleepin Gringo

Malware Response Team
120,823 posts

Gender:Male
Location:Puerto rico

Posted 17 May 2012 - 03:16 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

#3 mdjr

Member

Members
26 posts

Posted 17 May 2012 - 08:01 AM

thanks gringo. you helped me back in august 2010.

here is the checkup file:

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Sony Preset Manager 2.0e
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
SpyHunter
SUPERAntiSpyware
PC TuneUp Maestro
Java™ 6 Update 31
Adobe Reader 9 Adobe Reader out of date!
Adobe Reader 8 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````End of Log````````````

and the combo fix report:

ComboFix 12-05-17.02 - James 05/17/2012 7:40.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.830 [GMT -5:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\James\My Documents\~WRL0922.tmp
c:\documents and settings\James\My Documents\~WRL1014.tmp
c:\documents and settings\James\My Documents\~WRL1396.tmp
c:\documents and settings\James\My Documents\~WRL2543.tmp
c:\documents and settings\James\My Documents\~WRL2617.tmp
c:\documents and settings\James\My Documents\~WRL3698.tmp
c:\documents and settings\James\My Documents\~WRL3711.tmp
c:\documents and settings\James\WINDOWS
c:\documents and settings\mom\My Documents\~WRL1608.tmp
c:\program files\RadioPI_4eEI
c:\windows\system32\SET70D.tmp
c:\windows\system32\SET732.tmp
c:\windows\system32\SET734.tmp
c:\windows\system32\SET742.tmp
c:\windows\system32\SET760.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))
.
.
2012-05-16 20:54 . 2012-05-16 20:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-05-16 20:54 . 2012-05-16 20:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-05-16 20:54 . 2012-05-16 20:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-05-16 20:54 . 2012-05-16 20:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-05-16 20:54 . 2012-05-16 20:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-05-16 20:54 . 2012-05-16 20:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-05-16 20:54 . 2012-05-16 20:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-05-16 20:54 . 2012-05-16 20:54 -------- d-----w- c:\program files\QuickTime
2012-05-16 16:54 . 2012-05-16 16:54 110080 ----a-r- c:\documents and settings\James\Application Data\Microsoft\Installer\{9710BF34-7997-4E06-BF75-B0E738B7C7B3}\IconF7A21AF7.exe
2012-05-16 16:54 . 2012-05-16 16:54 110080 ----a-r- c:\documents and settings\James\Application Data\Microsoft\Installer\{9710BF34-7997-4E06-BF75-B0E738B7C7B3}\IconD7F16134.exe
2012-05-16 16:54 . 2012-05-16 16:54 110080 ----a-r- c:\documents and settings\James\Application Data\Microsoft\Installer\{9710BF34-7997-4E06-BF75-B0E738B7C7B3}\IconCAE74F08.exe
2012-05-16 15:35 . 2012-05-16 16:54 -------- d-----w- c:\windows\9710BF3479974E06BF75B0E738B7C7B3.TMP
2012-05-15 14:41 . 2012-05-15 14:41 -------- d-----w- c:\documents and settings\James\Application Data\CompuClever
2012-05-15 14:41 . 2012-05-15 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\CompuClever
2012-05-15 14:41 . 2012-05-15 14:41 -------- d-----w- c:\program files\CompuClever
2012-05-15 02:30 . 2012-01-19 15:22 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-05-15 02:30 . 2012-01-12 14:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-05-14 03:51 . 2012-05-16 16:54 -------- d-----w- C:\sh4ldr
2012-05-14 03:51 . 2012-05-14 03:51 -------- d-----w- c:\program files\Enigma Software Group
2012-05-14 02:32 . 2012-05-16 16:54 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-05-14 02:32 . 2012-05-16 15:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:12 . 2004-08-03 21:17 1862272 ------w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2004-08-03 21:20 2192640 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-03 22:59 2069120 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56 . 2010-03-01 04:08 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 01:40 . 2012-04-01 01:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-01 01:40 . 2011-07-16 03:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:01 . 2004-08-03 22:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2004-08-03 22:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-03 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2004-08-03 22:56 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-03 22:56 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-03 20:59 385024 ----a-w- c:\windows\system32\html.iec
2012-02-25 15:47 . 2010-06-19 16:42 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2006-09-28 21:55 . 2006-09-28 21:55 74520 ----a-w- c:\program files\DSETUP.dll
2006-09-28 21:55 . 2006-09-28 21:55 484632 ----a-w- c:\program files\DXSETUP.exe
2006-09-28 21:55 . 2006-09-28 21:55 2248984 ----a-w- c:\program files\dsetup32.dll
2005-09-12 22:56 . 2005-09-12 22:56 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-18 296056]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2012-05-04 5053344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Newsflash.lnk - c:\program files\Common Files\MySoftware\Newsflsh.exe [2011-12-23 233472]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\PracticeBuilder\\pbuilder.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Pocket Tanks Deluxe\\pockettanks.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 atitray;atitray;c:\progra~1\NGOATI~1.4\ATT\atitray.sys [3/21/2005 12:50 AM 6656]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [4/2/2012 8:22 PM 332248]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/14/2012 9:30 PM 101112]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/2/2012 8:22 PM 212568]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/19/2010 11:42 AM 10448]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [9/6/2006 8:06 AM 70016]
R2 PACS Client Updater;PACS Client Updater;c:\program files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe [12/22/2008 8:48 PM 24576]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [5/6/2011 4:57 PM 13904]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [3/18/2010 4:01 AM 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [3/18/2010 4:01 AM 10448]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [4/2/2012 8:22 PM 69208]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 iniNpfs;iniNpfs;\??\c:\windows\system32\drivers\cdfltmgr.sys --> c:\windows\system32\drivers\cdfltmgr.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [5/4/2012 6:21 PM 737184]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [3/7/2008 11:24 PM 96256]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [4/2/2012 8:22 PM 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/2/2012 8:22 PM 94040]
S3 SDVC05;USB SDVC05;c:\windows\system32\drivers\SDVC05.sys [1/2/2006 4:29 PM 18088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [4/27/2005 3:33 AM 176256]
S4 HGKSM;HGKSM;c:\docume~1\James\LOCALS~1\Temp\HGKSM.exe --> c:\docume~1\James\LOCALS~1\Temp\HGKSM.exe [?]
S4 TUA;TUA;c:\docume~1\James\LOCALS~1\Temp\TUA.exe --> c:\docume~1\James\LOCALS~1\Temp\TUA.exe [?]
S4 WZASZYMY;WZASZYMY;c:\docume~1\James\LOCALS~1\Temp\WZASZYMY.exe --> c:\docume~1\James\LOCALS~1\Temp\WZASZYMY.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 09804360
*NewlyCreated* - 27043114
*NewlyCreated* - SPYHUNTER_4_SERVICE
*Deregistered* - 09804360
*Deregistered* - 27043114
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2008-12-19 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2008-12-19 00:30]
.
2012-05-16 c:\windows\Tasks\PC TuneUp Maestro Scan.job
- c:\program files\CompuClever\PC TuneUp Maestro\pctum.exe [2012-04-25 05:56]
.
2012-05-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1292428093-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 22:02]
.
2012-05-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1292428093-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 22:02]
.
2012-05-17 c:\windows\Tasks\User_Feed_Synchronization-{9ECE0870-82F7-463F-881D-6285D06B31D3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: avanquest.com\shop
Trusted Zone: womansonline.com\www
TCP: DhcpNameServer = 192.168.0.99
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www2.snapfish.com/SnapfishActivia2.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-TPSvc - TPSvc.dll
AddRemove-FoxTab Media Player - c:\program files\FoxTabFLVPlayer\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-17 07:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-746137067-1292428093-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f4,d8,53,fe,1b,e1,4d,49,b6,3e,1e,2a,a6,02,5d,e1,0f,4a,ba,01,0d,03,80,
47,31,29,4a,71,c8,1c,df,99,f7,98,9a,dc,72,9e,49,ad,f8,62,b5,6d,8e,0d,c4,ec,\
"??"=hex:50,00,f6,37,79,55,c8,87,71,f0,ac,01,d7,89,c5,48
.
[HKEY_USERS\S-1-5-21-746137067-1292428093-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:aa,37,2d,d7,27,ab,13,77,51,7c,6e,68,90,71,c1,eb,3d,89,86,ef,a4,
cd,ad,41,82,b6,db,54,49,ce,fb,92,57,5b,16,02,51,cf,fd,bc,79,3a,73,98,18,f7,\
"rkeysecu"=hex:11,da,88,d0,ae,e2,0f,9a,76,5b,73,45,30,3f,d0,4f
.
[HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.22.00]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1716)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-05-17 07:58:12
ComboFix-quarantined-files.txt 2012-05-17 12:57
.
Pre-Run: 148,758,466,560 bytes free
Post-Run: 149,155,086,336 bytes free
.
- - End Of File - - 567EFA6ED9002A2919B37BF43D25D1F8

thanks again.

jr

#4 gringo_pr

Bleepin Gringo

Malware Response Team
120,823 posts

Gender:Male
Location:Puerto rico

Posted 17 May 2012 - 11:56 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 mdjr

Member

Members
26 posts

Posted 17 May 2012 - 03:08 PM

13:00:54.0796 8100 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
13:00:55.0125 8100 ============================================================
13:00:55.0125 8100 Current date / time: 2012/05/17 13:00:55.0125
13:00:55.0125 8100 SystemInfo:
13:00:55.0125 8100
13:00:55.0125 8100 OS Version: 5.1.2600 ServicePack: 3.0
13:00:55.0125 8100 Product type: Workstation
13:00:55.0125 8100 ComputerName: FAMILYRUIZ
13:00:55.0125 8100 UserName: James
13:00:55.0125 8100 Windows directory: C:\WINDOWS
13:00:55.0125 8100 System windows directory: C:\WINDOWS
13:00:55.0125 8100 Processor architecture: Intel x86
13:00:55.0125 8100 Number of processors: 1
13:00:55.0125 8100 Page size: 0x1000
13:00:55.0125 8100 Boot type: Normal boot
13:00:55.0125 8100 ============================================================
13:00:58.0156 8100 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:00:58.0171 8100 ============================================================
13:00:58.0171 8100 \Device\Harddisk0\DR0:
13:00:58.0171 8100 MBR partitions:
13:00:58.0171 8100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
13:00:58.0171 8100 ============================================================
13:00:58.0203 8100 C: <-> \Device\Harddisk0\DR0\Partition0
13:00:58.0203 8100 ============================================================
13:00:58.0203 8100 Initialize success
13:00:58.0203 8100 ============================================================
13:01:01.0078 9748 ============================================================
13:01:01.0078 9748 Scan started
13:01:01.0078 9748 Mode: Manual;
13:01:01.0078 9748 ============================================================
13:01:03.0781 9748 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
13:01:03.0781 9748 !SASCORE - ok
13:01:03.0921 9748 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
13:01:03.0937 9748 61883 - ok
13:01:03.0953 9748 Abiosdsk - ok
13:01:03.0953 9748 abp480n5 - ok
13:01:04.0000 9748 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:01:04.0000 9748 ACPI - ok
13:01:04.0046 9748 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:01:04.0046 9748 ACPIEC - ok
13:01:04.0078 9748 AdobeActiveFileMonitor6.0 (363ca4d6343e321f1ff3c11fb2d3836d) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
13:01:04.0078 9748 AdobeActiveFileMonitor6.0 - ok
13:01:04.0093 9748 adpu160m - ok
13:01:04.0140 9748 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
13:01:04.0140 9748 aeaudio - ok
13:01:04.0187 9748 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:01:04.0187 9748 aec - ok
13:01:04.0234 9748 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
13:01:04.0234 9748 Afc - ok
13:01:04.0312 9748 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:01:04.0312 9748 AFD - ok
13:01:04.0375 9748 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:01:04.0375 9748 agp440 - ok
13:01:04.0390 9748 Aha154x - ok
13:01:04.0406 9748 aic78u2 - ok
13:01:04.0421 9748 aic78xx - ok
13:01:04.0437 9748 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:01:04.0437 9748 Alerter - ok
13:01:04.0468 9748 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:01:04.0468 9748 ALG - ok
13:01:04.0484 9748 AliIde - ok
13:01:04.0500 9748 amsint - ok
13:01:04.0609 9748 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:01:04.0609 9748 Apple Mobile Device - ok
13:01:04.0656 9748 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
13:01:04.0671 9748 AppMgmt - ok
13:01:04.0687 9748 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:01:04.0687 9748 Arp1394 - ok
13:01:04.0703 9748 asc - ok
13:01:04.0718 9748 asc3350p - ok
13:01:04.0734 9748 asc3550 - ok
13:01:04.0781 9748 aslm75 (71356a1370739e25375a1d17b6ae318f) C:\WINDOWS\system32\drivers\aslm75.sys
13:01:04.0781 9748 aslm75 - ok
13:01:04.0875 9748 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:01:04.0890 9748 aspnet_state - ok
13:01:04.0906 9748 ASUSHWIO - ok
13:01:04.0937 9748 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:01:04.0937 9748 AsyncMac - ok
13:01:04.0968 9748 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:01:04.0984 9748 atapi - ok
13:01:04.0984 9748 Atdisk - ok
13:01:05.0062 9748 Ati HotKey Poller (666e4e583a7cf1233c6425da16ecdc89) C:\WINDOWS\system32\Ati2evxx.exe
13:01:05.0078 9748 Ati HotKey Poller - ok
13:01:05.0140 9748 ATI Smart (2a8d3e71a2e5be184da02857a564d71e) C:\WINDOWS\system32\ati2sgag.exe
13:01:05.0156 9748 ATI Smart - ok
13:01:05.0312 9748 ati2mtag (0c2ca1c294938139829b1983a0c38b31) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:01:05.0390 9748 ati2mtag - ok
13:01:05.0515 9748 atitray (9231d01ba0951ce7eae011f84621d049) C:\PROGRA~1\NGOATI~1.4\ATT\atitray.sys
13:01:05.0515 9748 atitray - ok
13:01:05.0750 9748 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:01:05.0750 9748 Atmarpc - ok
13:01:05.0812 9748 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:01:05.0812 9748 AudioSrv - ok
13:01:05.0859 9748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:01:05.0859 9748 audstub - ok
13:01:05.0906 9748 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
13:01:05.0906 9748 Avc - ok
13:01:05.0953 9748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:01:05.0953 9748 Beep - ok
13:01:06.0000 9748 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:01:06.0015 9748 BITS - ok
13:01:06.0125 9748 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:01:06.0171 9748 Bonjour Service - ok
13:01:06.0218 9748 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:01:06.0218 9748 Browser - ok
13:01:06.0359 9748 catchme - ok
13:01:06.0390 9748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:01:06.0390 9748 cbidf2k - ok
13:01:06.0500 9748 CCALib8 (20f89e232173985a455bc9a5f70d1166) C:\Program Files\Canon\CAL\CALMAIN.exe
13:01:06.0500 9748 CCALib8 - ok
13:01:06.0531 9748 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:01:06.0546 9748 CCDECODE - ok
13:01:06.0562 9748 cd20xrnt - ok
13:01:06.0593 9748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:01:06.0593 9748 Cdaudio - ok
13:01:06.0640 9748 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:01:06.0640 9748 Cdfs - ok
13:01:06.0718 9748 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
13:01:06.0718 9748 Cdr4_xp - ok
13:01:06.0750 9748 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
13:01:06.0750 9748 Cdralw2k - ok
13:01:06.0781 9748 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:01:06.0781 9748 Cdrom - ok
13:01:06.0796 9748 Changer - ok
13:01:06.0859 9748 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:01:06.0859 9748 CiSvc - ok
13:01:06.0890 9748 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:01:06.0906 9748 ClipSrv - ok
13:01:07.0031 9748 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:01:07.0078 9748 clr_optimization_v2.0.50727_32 - ok
13:01:07.0203 9748 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:01:07.0203 9748 clr_optimization_v4.0.30319_32 - ok
13:01:07.0218 9748 CmdIde - ok
13:01:07.0234 9748 COMSysApp - ok
13:01:07.0265 9748 Cpqarray - ok
13:01:07.0281 9748 cpuz132 - ok
13:01:07.0531 9748 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe
13:01:07.0562 9748 Creative Service for CDROM Access - ok
13:01:07.0828 9748 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:01:07.0843 9748 CryptSvc - ok
13:01:08.0031 9748 ctlsb16 (e2b1aedb62845581d848037f0a614ee6) C:\WINDOWS\system32\drivers\ctlsb16.sys
13:01:08.0046 9748 ctlsb16 - ok
13:01:08.0109 9748 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
13:01:08.0125 9748 ctsfm2k - ok
13:01:08.0296 9748 CVirtA (72f820e457bc8a1c61aeb86df89dd41a) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
13:01:08.0296 9748 CVirtA - ok
13:01:10.0078 9748 CVPND (865148fb7c6bc7c083cf642d3959bf69) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
13:01:10.0125 9748 CVPND - ok
13:01:10.0218 9748 CVPNDRVA (6416c11a89f23a70b576b83c03747cde) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
13:01:10.0218 9748 CVPNDRVA - ok
13:01:10.0250 9748 dac2w2k - ok
13:01:10.0265 9748 dac960nt - ok
13:01:10.0359 9748 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:01:10.0375 9748 DcomLaunch - ok
13:01:10.0437 9748 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:01:10.0437 9748 Dhcp - ok
13:01:10.0484 9748 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:01:10.0484 9748 Disk - ok
13:01:10.0500 9748 dmadmin - ok
13:01:10.0562 9748 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:01:10.0578 9748 dmboot - ok
13:01:10.0609 9748 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:01:10.0625 9748 dmio - ok
13:01:10.0656 9748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:01:10.0656 9748 dmload - ok
13:01:10.0687 9748 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:01:10.0687 9748 dmserver - ok
13:01:10.0718 9748 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:01:10.0718 9748 DMusic - ok
13:01:10.0750 9748 DNE (c86fbf607445bf693450d84b775f168c) C:\WINDOWS\system32\DRIVERS\dne2000.sys
13:01:10.0765 9748 DNE - ok
13:01:10.0812 9748 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:01:10.0828 9748 Dnscache - ok
13:01:10.0875 9748 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:01:10.0890 9748 Dot3svc - ok
13:01:10.0906 9748 dpti2o - ok
13:01:10.0937 9748 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:01:10.0937 9748 drmkaud - ok
13:01:10.0984 9748 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:01:10.0984 9748 EapHost - ok
13:01:11.0125 9748 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:01:11.0140 9748 eeCtrl - ok
13:01:11.0281 9748 EPSON_PM_RPCV4_01 (8fe6ab59cab8f2c038fea9522a5eeba7) C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
13:01:11.0281 9748 EPSON_PM_RPCV4_01 - ok
13:01:11.0328 9748 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:01:11.0328 9748 ERSvc - ok
13:01:11.0375 9748 esgiguard (2407b8164e966755bc6a4242fc9de31e) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
13:01:11.0375 9748 esgiguard - ok
13:01:11.0421 9748 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:01:11.0437 9748 Eventlog - ok
13:01:11.0484 9748 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
13:01:11.0500 9748 EventSystem - ok
13:01:11.0546 9748 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:01:11.0546 9748 Fastfat - ok
13:01:11.0625 9748 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:01:11.0625 9748 FastUserSwitchingCompatibility - ok
13:01:11.0671 9748 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:01:11.0671 9748 Fdc - ok
13:01:11.0718 9748 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:01:11.0718 9748 Fips - ok
13:01:11.0796 9748 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:01:11.0812 9748 FLEXnet Licensing Service - ok
13:01:11.0859 9748 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:01:11.0859 9748 Flpydisk - ok
13:01:11.0906 9748 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:01:11.0906 9748 FltMgr - ok
13:01:11.0984 9748 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:01:12.0000 9748 FontCache3.0.0.0 - ok
13:01:12.0015 9748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:01:12.0015 9748 Fs_Rec - ok
13:01:12.0046 9748 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:01:12.0046 9748 Ftdisk - ok
13:01:12.0078 9748 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:01:12.0078 9748 gameenum - ok
13:01:12.0109 9748 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
13:01:12.0125 9748 GEARAspiWDM - ok
13:01:12.0156 9748 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:01:12.0156 9748 Gpc - ok
13:01:12.0265 9748 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:01:12.0281 9748 gusvc - ok
13:01:12.0328 9748 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:01:12.0328 9748 helpsvc - ok
13:01:12.0484 9748 HGKSM - ok
13:01:12.0515 9748 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
13:01:12.0515 9748 HidServ - ok
13:01:12.0562 9748 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:01:12.0562 9748 HidUsb - ok
13:01:12.0609 9748 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:01:12.0625 9748 hkmsvc - ok
13:01:12.0640 9748 hpn - ok
13:01:12.0687 9748 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:01:12.0703 9748 HTTP - ok
13:01:12.0750 9748 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:01:12.0765 9748 HTTPFilter - ok
13:01:12.0781 9748 i2omgmt - ok
13:01:12.0796 9748 i2omp - ok
13:01:12.0843 9748 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:01:12.0843 9748 i8042prt - ok
13:01:12.0953 9748 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:01:12.0953 9748 IDriverT - ok
13:01:13.0125 9748 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:01:13.0140 9748 idsvc - ok
13:01:13.0218 9748 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:01:13.0234 9748 Imapi - ok
13:01:13.0281 9748 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:01:13.0281 9748 ImapiService - ok
13:01:13.0312 9748 ini910u - ok
13:01:13.0328 9748 iniNpfs - ok
13:01:13.0359 9748 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:01:13.0359 9748 IntelIde - ok
13:01:13.0406 9748 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:01:13.0406 9748 intelppm - ok
13:01:13.0453 9748 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:01:13.0453 9748 Ip6Fw - ok
13:01:13.0484 9748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:01:13.0484 9748 IpFilterDriver - ok
13:01:13.0515 9748 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:01:13.0515 9748 IpInIp - ok
13:01:13.0562 9748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:01:13.0562 9748 IpNat - ok
13:01:13.0734 9748 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
13:01:13.0765 9748 iPod Service - ok
13:01:13.0828 9748 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:01:13.0828 9748 IPSec - ok
13:01:13.0859 9748 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:01:13.0859 9748 IRENUM - ok
13:01:13.0921 9748 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:01:13.0921 9748 isapnp - ok
13:01:13.0968 9748 itchfltr (8f1ba487b35f0c8f637e05113aa815f8) C:\WINDOWS\system32\DRIVERS\itchfltr.sys
13:01:13.0968 9748 itchfltr - ok
13:01:14.0062 9748 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
13:01:14.0062 9748 JavaQuickStarterService - ok
13:01:14.0140 9748 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:01:14.0140 9748 Kbdclass - ok
13:01:14.0171 9748 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:01:14.0171 9748 kbdhid - ok
13:01:14.0218 9748 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:01:14.0218 9748 kmixer - ok
13:01:14.0265 9748 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:01:14.0265 9748 KSecDD - ok
13:01:14.0281 9748 L8042Kbd (151d8c22a57025d0619d9ed452a4f1ff) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
13:01:14.0296 9748 L8042Kbd - ok
13:01:14.0359 9748 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:01:14.0375 9748 lanmanserver - ok
13:01:14.0406 9748 LanmanWorkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:01:14.0406 9748 LanmanWorkstation - ok
13:01:14.0437 9748 Lbd - ok
13:01:14.0500 9748 LBeepKE (ca63fe81705ad660e482bef210bf2c73) C:\WINDOWS\system32\Drivers\LBeepKE.sys
13:01:14.0500 9748 LBeepKE - ok
13:01:14.0515 9748 lbrtfdc - ok
13:01:14.0609 9748 LBTServ (ab097d0f93b30a6d79d430422ac6a7e8) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
13:01:14.0625 9748 LBTServ - ok
13:01:14.0671 9748 LEqdUsb (ed8f9311cae12c41a58dae2ea6d6c849) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
13:01:14.0671 9748 LEqdUsb - ok
13:01:14.0734 9748 LexBceS (bbff8de885fc005fd38b0496c994afbd) C:\WINDOWS\system32\LEXBCES.EXE
13:01:14.0750 9748 LexBceS - ok
13:01:14.0781 9748 LHidEqd (9943f10c60eaf714c7010b37025a5ac5) C:\WINDOWS\system32\Drivers\LHidEqd.Sys
13:01:14.0781 9748 LHidEqd - ok
13:01:14.0843 9748 LHidFilt (b68309f25c5787385da842eb5b496958) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
13:01:14.0843 9748 LHidFilt - ok
13:01:16.0234 9748 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:01:16.0250 9748 LmHosts - ok
13:01:16.0312 9748 LMouFilt (63d3b1d3cd267fcc186a0146b80d453b) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
13:01:16.0312 9748 LMouFilt - ok
13:01:16.0328 9748 LMouKE - ok
13:01:16.0375 9748 LUsbFilt (0c62957912d4df1e4ba9795e6be3ed38) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
13:01:16.0375 9748 LUsbFilt - ok
13:01:16.0437 9748 LxrSII1d (db7f488269290a8c1907602b7f4c213d) C:\WINDOWS\system32\Drivers\LxrSII1d.sys
13:01:16.0437 9748 LxrSII1d - ok
13:01:16.0453 9748 LxrSII1s - ok
13:01:16.0531 9748 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
13:01:16.0531 9748 MDM - ok
13:01:16.0578 9748 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:01:16.0578 9748 Messenger - ok
13:01:16.0671 9748 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys
13:01:16.0671 9748 MidiSyn - ok
13:01:16.0734 9748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:01:16.0734 9748 mnmdd - ok
13:01:16.0781 9748 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:01:16.0781 9748 mnmsrvc - ok
13:01:16.0828 9748 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:01:16.0828 9748 Modem - ok
13:01:16.0859 9748 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:01:16.0859 9748 Mouclass - ok
13:01:16.0906 9748 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:01:16.0906 9748 mouhid - ok
13:01:16.0937 9748 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:01:16.0937 9748 MountMgr - ok
13:01:16.0953 9748 mraid35x - ok
13:01:16.0984 9748 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:01:16.0984 9748 MRxDAV - ok
13:01:17.0062 9748 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:01:17.0093 9748 MRxSmb - ok
13:01:17.0140 9748 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:01:17.0140 9748 MSDTC - ok
13:01:17.0187 9748 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
13:01:17.0187 9748 MSDV - ok
13:01:17.0218 9748 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:01:17.0218 9748 Msfs - ok
13:01:17.0234 9748 MSIServer - ok
13:01:17.0281 9748 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:01:17.0281 9748 MSKSSRV - ok
13:01:17.0296 9748 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:01:17.0296 9748 MSPCLOCK - ok
13:01:17.0312 9748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:01:17.0312 9748 MSPQM - ok
13:01:17.0375 9748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:01:17.0375 9748 mssmbios - ok
13:01:17.0421 9748 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:01:17.0421 9748 MSTEE - ok
13:01:17.0453 9748 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
13:01:17.0453 9748 ms_mpu401 - ok
13:01:17.0484 9748 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:01:17.0484 9748 Mup - ok
13:01:17.0531 9748 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:01:17.0531 9748 NABTSFEC - ok
13:01:17.0593 9748 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:01:17.0593 9748 napagent - ok
13:01:17.0640 9748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:01:17.0640 9748 NDIS - ok
13:01:17.0703 9748 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
13:01:17.0703 9748 ndiscm - ok
13:01:17.0718 9748 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:01:17.0718 9748 NdisIP - ok
13:01:17.0765 9748 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:01:17.0765 9748 NdisTapi - ok
13:01:17.0781 9748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:01:17.0781 9748 Ndisuio - ok
13:01:17.0828 9748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:01:17.0828 9748 NdisWan - ok
13:01:17.0890 9748 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:01:17.0890 9748 NDProxy - ok
13:01:17.0906 9748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:01:17.0906 9748 NetBIOS - ok
13:01:17.0984 9748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:01:18.0000 9748 NetBT - ok
13:01:18.0046 9748 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:01:18.0062 9748 NetDDE - ok
13:01:18.0078 9748 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:01:18.0078 9748 NetDDEdsdm - ok
13:01:18.0125 9748 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:01:18.0125 9748 Netlogon - ok
13:01:18.0156 9748 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:01:18.0171 9748 Netman - ok
13:01:18.0296 9748 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:01:18.0296 9748 NetTcpPortSharing - ok
13:01:18.0328 9748 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:01:18.0343 9748 NIC1394 - ok
13:01:18.0406 9748 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:01:18.0421 9748 Nla - ok
13:01:18.0453 9748 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
13:01:18.0453 9748 nm - ok
13:01:18.0468 9748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:01:18.0468 9748 Npfs - ok
13:01:18.0531 9748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:01:18.0546 9748 Ntfs - ok
13:01:18.0562 9748 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:01:18.0578 9748 NtLmSsp - ok
13:01:18.0625 9748 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:01:18.0640 9748 NtmsSvc - ok
13:01:18.0671 9748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:01:18.0671 9748 Null - ok
13:01:18.0734 9748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:01:18.0734 9748 NwlnkFlt - ok
13:01:18.0765 9748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:01:18.0765 9748 NwlnkFwd - ok
13:01:18.0796 9748 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
13:01:18.0812 9748 NwlnkIpx - ok
13:01:18.0828 9748 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
13:01:18.0828 9748 NwlnkNb - ok
13:01:18.0875 9748 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
13:01:18.0875 9748 NwlnkSpx - ok
13:01:18.0953 9748 NwSapAgent (4b83fcbbe72af5f99d109798653e8b78) C:\WINDOWS\System32\ipxsap.dll
13:01:18.0953 9748 NwSapAgent - ok
13:01:19.0125 9748 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:01:19.0140 9748 odserv - ok
13:01:19.0187 9748 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:01:19.0187 9748 ohci1394 - ok
13:01:19.0250 9748 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:01:19.0250 9748 ose - ok
13:01:19.0312 9748 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
13:01:19.0312 9748 ossrv - ok
13:01:19.0437 9748 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
13:01:19.0468 9748 P17 - ok
13:01:19.0546 9748 PACS Client Updater (53fe24d54bb46a209517ae1f4b05fc5a) C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
13:01:19.0546 9748 PACS Client Updater - ok
13:01:19.0718 9748 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:01:19.0718 9748 Parport - ok
13:01:19.0750 9748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:01:19.0750 9748 PartMgr - ok
13:01:19.0796 9748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:01:19.0812 9748 ParVdm - ok
13:01:19.0828 9748 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:01:19.0828 9748 PCI - ok
13:01:19.0843 9748 PCIDump - ok
13:01:19.0890 9748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:01:19.0890 9748 PCIIde - ok
13:01:19.0921 9748 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:01:19.0921 9748 Pcmcia - ok
13:01:19.0937 9748 PDCOMP - ok
13:01:19.0953 9748 PDFRAME - ok
13:01:19.0968 9748 PDRELI - ok
13:01:19.0984 9748 PDRFRAME - ok
13:01:20.0000 9748 perc2 - ok
13:01:20.0015 9748 perc2hib - ok
13:01:20.0078 9748 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
13:01:20.0078 9748 pfc - ok
13:01:20.0125 9748 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:01:20.0125 9748 PlugPlay - ok
13:01:20.0203 9748 PnkBstrA (831883b107684301f48ace752c963984) C:\WINDOWS\system32\PnkBstrA.exe
13:01:20.0203 9748 PnkBstrA - ok
13:01:20.0234 9748 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:01:20.0250 9748 PolicyAgent - ok
13:01:20.0281 9748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:01:20.0296 9748 PptpMiniport - ok
13:01:20.0343 9748 prodrv06 (47a6570dabbc458652852a77f1f758f2) C:\WINDOWS\System32\drivers\prodrv06.sys
13:01:20.0359 9748 prodrv06 - ok
13:01:20.0390 9748 prohlp02 (f01f199fc352d6816b87b8225a89c8dd) C:\WINDOWS\system32\drivers\prohlp02.sys
13:01:20.0390 9748 prohlp02 - ok
13:01:20.0437 9748 prosync1 (353499497510f2781d647c6db9226a70) C:\WINDOWS\system32\drivers\prosync1.sys
13:01:20.0437 9748 prosync1 - ok
13:01:20.0453 9748 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:01:20.0453 9748 ProtectedStorage - ok
13:01:20.0484 9748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:01:20.0484 9748 PSched - ok
13:01:20.0531 9748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:01:20.0531 9748 Ptilink - ok
13:01:20.0546 9748 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
13:01:20.0546 9748 PxHelp20 - ok
13:01:20.0562 9748 ql1080 - ok
13:01:20.0578 9748 Ql10wnt - ok
13:01:20.0593 9748 ql12160 - ok
13:01:20.0609 9748 ql1240 - ok
13:01:20.0625 9748 ql1280 - ok
13:01:20.0656 9748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:01:20.0656 9748 RasAcd - ok
13:01:20.0687 9748 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:01:20.0703 9748 RasAuto - ok
13:01:20.0734 9748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:01:20.0750 9748 Rasl2tp - ok
13:01:20.0812 9748 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:01:20.0812 9748 RasMan - ok
13:01:20.0843 9748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:01:20.0843 9748 RasPppoe - ok
13:01:20.0859 9748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:01:20.0859 9748 Raspti - ok
13:01:20.0890 9748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:01:20.0890 9748 Rdbss - ok
13:01:20.0921 9748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:01:20.0921 9748 RDPCDD - ok
13:01:20.0953 9748 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:01:20.0953 9748 rdpdr - ok
13:01:21.0031 9748 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:01:21.0031 9748 RDPWD - ok
13:01:21.0062 9748 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:01:21.0078 9748 RDSessMgr - ok
13:01:21.0109 9748 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:01:21.0125 9748 redbook - ok
13:01:21.0171 9748 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:01:21.0171 9748 RemoteAccess - ok
13:01:21.0203 9748 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
13:01:21.0203 9748 RemoteRegistry - ok
13:01:21.0250 9748 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:01:21.0250 9748 RpcLocator - ok
13:01:21.0312 9748 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
13:01:21.0312 9748 RpcSs - ok
13:01:21.0359 9748 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:01:21.0375 9748 RSVP - ok
13:01:21.0421 9748 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:01:21.0421 9748 SamSs - ok
13:01:21.0562 9748 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:01:21.0562 9748 SASDIFSV - ok
13:01:21.0578 9748 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:01:21.0578 9748 SASKUTIL - ok
13:01:21.0656 9748 SbFw (eb4a2b5faa3decd33ed682a5569e287f) C:\WINDOWS\system32\drivers\SbFw.sys
13:01:21.0671 9748 SbFw - ok
13:01:21.0703 9748 SBFWIMCL (f27b38d70b7621378161d6f48be04d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
13:01:21.0703 9748 SBFWIMCL - ok
13:01:21.0750 9748 SBFWIMCLMP (f27b38d70b7621378161d6f48be04d2c) C:\WINDOWS\system32\DRIVERS\SBFWIM.sys
13:01:21.0750 9748 SBFWIMCLMP - ok
13:01:21.0765 9748 sbhips (53e5e7dc26bb920b97f258bbd52abfdc) C:\WINDOWS\system32\drivers\sbhips.sys
13:01:21.0781 9748 sbhips - ok
13:01:21.0828 9748 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\WINDOWS\system32\drivers\SBREdrv.sys
13:01:21.0828 9748 SBRE - ok
13:01:21.0890 9748 SbTis (44062a740434b7c3946096d615aaa91c) C:\WINDOWS\system32\drivers\sbtis.sys
13:01:21.0890 9748 SbTis - ok
13:01:21.0953 9748 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:01:21.0953 9748 SCardSvr - ok
13:01:22.0031 9748 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:01:22.0031 9748 Schedule - ok
13:01:22.0078 9748 SDVC05 (92aaa6a9337977476d56624ed3cbbfb3) C:\WINDOWS\system32\Drivers\SDVC05.sys
13:01:22.0078 9748 SDVC05 - ok
13:01:22.0125 9748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:01:22.0125 9748 Secdrv - ok
13:01:22.0140 9748 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:01:22.0156 9748 seclogon - ok
13:01:22.0171 9748 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:01:22.0171 9748 SENS - ok
13:01:22.0218 9748 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:01:22.0218 9748 serenum - ok
13:01:22.0250 9748 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:01:22.0250 9748 Serial - ok
13:01:22.0359 9748 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
13:01:22.0359 9748 sfhlp01 - ok
13:01:22.0375 9748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:01:22.0375 9748 Sfloppy - ok
13:01:22.0453 9748 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:01:22.0468 9748 SharedAccess - ok
13:01:22.0515 9748 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:01:22.0531 9748 ShellHWDetection - ok
13:01:22.0546 9748 Simbad - ok
13:01:22.0593 9748 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:01:22.0593 9748 SLIP - ok
13:01:22.0671 9748 smwdm (7d9b50329af9fd94b0529282530d2cb7) C:\WINDOWS\system32\drivers\smwdm.sys
13:01:22.0687 9748 smwdm - ok
13:01:22.0718 9748 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
13:01:22.0734 9748 SONYPVU1 - ok
13:01:22.0750 9748 Sparrow - ok
13:01:22.0781 9748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:01:22.0781 9748 splitter - ok
13:01:22.0843 9748 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:01:22.0843 9748 Spooler - ok
13:01:23.0031 9748 SpyHunter 4 Service (b147340b7252c7793d250dbeaab628b8) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
13:01:23.0046 9748 SpyHunter 4 Service - ok
13:01:23.0093 9748 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:01:23.0093 9748 sr - ok
13:01:23.0156 9748 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:01:23.0171 9748 srservice - ok
13:01:23.0234 9748 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:01:23.0250 9748 Srv - ok
13:01:23.0281 9748 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:01:23.0281 9748 SSDPSRV - ok
13:01:23.0390 9748 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:01:23.0406 9748 stisvc - ok
13:01:23.0437 9748 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:01:23.0437 9748 streamip - ok
13:01:23.0484 9748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:01:23.0484 9748 swenum - ok
13:01:23.0515 9748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:01:23.0531 9748 swmidi - ok
13:01:23.0546 9748 SwPrv - ok
13:01:23.0562 9748 symc810 - ok
13:01:23.0578 9748 symc8xx - ok
13:01:23.0656 9748 sym_hi - ok
13:01:23.0687 9748 sym_u3 - ok
13:01:23.0718 9748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:01:23.0734 9748 sysaudio - ok
13:01:23.0765 9748 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:01:23.0765 9748 SysmonLog - ok
13:01:23.0843 9748 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:01:23.0843 9748 TapiSrv - ok
13:01:23.0875 9748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:01:23.0890 9748 Tcpip - ok
13:01:23.0906 9748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:01:23.0906 9748 TDPIPE - ok
13:01:24.0203 9748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:01:24.0203 9748 TDTCP - ok
13:01:24.0218 9748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:01:24.0218 9748 TermDD - ok
13:01:24.0265 9748 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:01:24.0281 9748 TermService - ok
13:01:24.0328 9748 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:01:24.0328 9748 Themes - ok
13:01:24.0375 9748 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
13:01:24.0390 9748 TlntSvr - ok
13:01:24.0390 9748 TosIde - ok
13:01:24.0765 9748 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:01:24.0859 9748 TrkWks - ok
13:01:25.0250 9748 TUA - ok
13:01:25.0328 9748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:01:25.0328 9748 Udfs - ok
13:01:25.0343 9748 ultra - ok
13:01:25.0421 9748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:01:25.0437 9748 Update - ok
13:01:25.0500 9748 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:01:25.0515 9748 upnphost - ok
13:01:25.0562 9748 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:01:25.0562 9748 UPS - ok
13:01:25.0609 9748 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:01:25.0609 9748 USBAAPL - ok
13:01:25.0671 9748 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:01:25.0687 9748 usbaudio - ok
13:01:25.0703 9748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:01:25.0718 9748 usbccgp - ok
13:01:25.0765 9748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:01:25.0765 9748 usbehci - ok
13:01:25.0796 9748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:01:25.0796 9748 usbhub - ok
13:01:25.0828 9748 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:01:25.0828 9748 usbohci - ok
13:01:25.0843 9748 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:01:25.0843 9748 usbprint - ok
13:01:25.0890 9748 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:01:25.0890 9748 usbscan - ok
13:01:25.0937 9748 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:01:25.0937 9748 USBSTOR - ok
13:01:25.0968 9748 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:01:25.0968 9748 usbuhci - ok
13:01:26.0015 9748 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
13:01:26.0015 9748 USB_RNDIS - ok
13:01:26.0046 9748 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
13:01:26.0046 9748 usb_rndisx - ok
13:01:26.0078 9748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:01:26.0093 9748 VgaSave - ok
13:01:26.0109 9748 ViaIde - ok
13:01:26.0125 9748 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:01:26.0125 9748 VolSnap - ok
13:01:26.0187 9748 vsdatant (baa5668909a0edcc61a6a8099bb07659) C:\WINDOWS\system32\vsdatant.sys
13:01:26.0203 9748 vsdatant - ok
13:01:26.0265 9748 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:01:26.0281 9748 VSS - ok
13:01:26.0328 9748 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:01:26.0328 9748 W32Time - ok
13:01:26.0375 9748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:01:26.0375 9748 Wanarp - ok
13:01:26.0437 9748 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
13:01:26.0453 9748 Wdf01000 - ok
13:01:26.0468 9748 WDICA - ok
13:01:26.0500 9748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:01:26.0500 9748 wdmaud - ok
13:01:26.0531 9748 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:01:26.0546 9748 WebClient - ok
13:01:26.0671 9748 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:01:26.0671 9748 winmgmt - ok
13:01:26.0734 9748 WMDM PMSP Service (668056d5c3c11ab7d266819a96b964e8) C:\WINDOWS\system32\MsPMSPSv.exe
13:01:26.0734 9748 WMDM PMSP Service - ok
13:01:26.0781 9748 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
13:01:26.0781 9748 WmdmPmSN - ok
13:01:26.0859 9748 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
13:01:26.0875 9748 Wmi - ok
13:01:26.0921 9748 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:01:26.0921 9748 WmiApSrv - ok
13:01:27.0093 9748 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
13:01:27.0109 9748 WMPNetworkSvc - ok
13:01:27.0171 9748 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\Drivers\wpdusb.sys
13:01:27.0171 9748 WpdUsb - ok
13:01:27.0343 9748 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:01:27.0359 9748 WPFFontCache_v0400 - ok
13:01:27.0390 9748 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:01:27.0390 9748 WS2IFSL - ok
13:01:27.0453 9748 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:01:27.0453 9748 wscsvc - ok
13:01:27.0500 9748 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:01:27.0500 9748 WSTCODEC - ok
13:01:27.0546 9748 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:01:27.0546 9748 wuauserv - ok
13:01:27.0625 9748 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:01:27.0625 9748 WudfPf - ok
13:01:27.0671 9748 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:01:27.0671 9748 WudfRd - ok
13:01:27.0718 9748 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:01:27.0718 9748 WudfSvc - ok
13:01:27.0859 9748 WZASZYMY - ok
13:01:27.0921 9748 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:01:27.0937 9748 WZCSVC - ok
13:01:27.0984 9748 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:01:27.0984 9748 xmlprov - ok
13:01:28.0062 9748 yukonwxp (ae9573e9563771c7f2f333e728fe7e76) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
13:01:28.0062 9748 yukonwxp - ok
13:01:28.0125 9748 yukonx86 (24143e06d15db866dea29258f77fd89d) C:\WINDOWS\system32\DRIVERS\yukonx86.sys
13:01:28.0140 9748 yukonx86 - ok
13:01:28.0218 9748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:01:28.0796 9748 \Device\Harddisk0\DR0 - ok
13:01:28.0812 9748 Boot (0x1200) (8ee1d959b9542b77198102aea0bc857a) \Device\Harddisk0\DR0\Partition0
13:01:28.0812 9748 \Device\Harddisk0\DR0\Partition0 - ok
13:01:28.0828 9748 ============================================================
13:01:28.0828 9748 Scan finished
13:01:28.0828 9748 ============================================================
13:01:28.0843 7396 Detected object count: 0
13:01:28.0843 7396 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-17 12:58:06
-----------------------------
12:58:06.750 OS Version: Windows 5.1.2600 Service Pack 3
12:58:06.750 Number of processors: 1 586 0x204
12:58:06.750 ComputerName: FAMILYRUIZ UserName: James
12:58:07.875 Initialize success
13:00:48.750 AVAST engine defs: 12051700
13:03:52.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:03:52.234 Disk 0 Vendor: WDC_WD2500JB-00GVC0 08.02D08 Size: 238475MB BusType: 3
13:03:52.265 Disk 0 MBR read successfully
13:03:52.265 Disk 0 MBR scan
13:03:52.312 Disk 0 Windows XP default MBR code
13:03:52.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
13:03:52.328 Disk 0 scanning sectors +488392065
13:03:52.390 Disk 0 scanning C:\WINDOWS\system32\drivers
13:04:07.656 Service scanning
13:04:28.171 Modules scanning
13:04:35.250 Disk 0 trace - called modules:
13:04:35.265 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys pciide.sys PCIIDEX.SYS
13:04:35.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6faab8]
13:04:35.781 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\0000008c[0x8a747500]
13:04:35.781 5 ACPI.sys[f74e0620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a71c998]
13:04:35.781 \Driver\atapi[0x8a79a4b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xf79916e1]
13:04:36.765 AVAST engine scan C:\
15:08:05.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\James\Desktop\MBR.dat"
15:08:05.984 The log file has been saved successfully to "C:\Documents and Settings\James\Desktop\virus.txt"

#6 gringo_pr

Bleepin Gringo

Malware Response Team
120,823 posts

Gender:Male
Location:Puerto rico

Posted 17 May 2012 - 04:43 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened and the that I need posted back here
- Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
Please post the contents of OTL.txt in your next reply.

Gringo

#7 mdjr

Member

Members
26 posts

Posted 17 May 2012 - 06:19 PM

OTL logfile created on: 5/17/2012 5:08:25 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\James\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.69 Gb Available Physical Memory | 46.32% Memory free
2.85 Gb Paging File | 2.09 Gb Available in Paging File | 73.32% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 138.76 Gb Free Space | 59.58% Space Free | Partition Type: NTFS
Drive E: | 3.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: FAMILYRUIZ | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\James\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\0I332UQ9\aswMBR[1].exe (AVAST Software)
PRC - C:\Program Files\Real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe (Agfa Healthcare)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsOrganizer.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)

========== Modules (No Company Name) ==========

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e7470410\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_76e12144\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_50dc789c\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\Track2Filter.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\Track1Filter.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\DetectionUtils.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\Aoc.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\AdobeXMP.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\QtPlugins\imageformats\qjpeg1.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\QtGui4.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\QtNetwork4.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\QtXml4.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\QtCore4.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\OperaMgr.dll ()
MOD - C:\Program Files\Adobe\Photoshop Elements 6.0\libmmd.dll ()
MOD - c:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll ()
MOD - c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()

========== Win32 Services (SafeList) ==========

SRV - (WZASZYMY) -- C:\DOCUME~1\James\LOCALS~1\Temp\WZASZYMY.exe File not found
SRV - (TUA) -- C:\DOCUME~1\James\LOCALS~1\Temp\TUA.exe File not found
SRV - (LxrSII1s) -- LxrSII1s.exe File not found
SRV - (HGKSM) -- C:\DOCUME~1\James\LOCALS~1\Temp\HGKSM.exe File not found
SRV - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (PACS Client Updater) -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe (Agfa Healthcare)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (LMouKE) -- System32\Drivers\LMouKE.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (iniNpfs) -- C:\WINDOWS\system32\drivers\cdfltmgr.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (cpuz132) -- C:\DOCUME~1\James\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\James\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\DOCUME~1\James\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (ASUSHWIO) -- C:\WINDOWS\system32\drivers\ASUSHWIO.sys File not found
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (GFI Software)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (SbFw) -- C:\WINDOWS\system32\drivers\SbFw.sys (Sunbelt Software, Inc.)
DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (sbhips) -- C:\WINDOWS\system32\drivers\sbhips.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCLMP) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCL) -- C:\WINDOWS\system32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\WINDOWS\system32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\WINDOWS\system32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (USB_RNDIS) Linksys Cable Modem (CM100) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (prodrv06) -- C:\WINDOWS\system32\drivers\prodrv06.sys (Protection Technology)
DRV - (prohlp02) -- C:\WINDOWS\system32\drivers\prohlp02.sys (Protection Technology)
DRV - (prosync1) -- C:\WINDOWS\system32\drivers\prosync1.sys (Protection Technology)
DRV - (LxrSII1d) -- C:\WINDOWS\system32\drivers\LxrSII1d.sys ()
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (atitray) -- C:\Program Files\NGO ATI Optimized Driver v2.4\ATT\atitray.sys ()
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs Inc.)
DRV - (ndiscm) -- C:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.)
DRV - (yukonx86) -- C:\WINDOWS\system32\drivers\yukonx86.sys (Marvell Semiconductor Inc.)
DRV - (sfhlp01) -- C:\WINDOWS\system32\drivers\sfhlp01.sys (Protection Technology)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (SDVC05) -- C:\WINDOWS\system32\drivers\SDVC05.sys (HaSoInTech)
DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlsb16.sys (Copyright © Creative Technology Ltd. 1994-2001)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (aslm75) -- C:\WINDOWS\system32\drivers\ASLM75.SYS ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-746137067-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-746137067-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-746137067-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-746137067-1292428093-839522115-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-746137067-1292428093-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search-gala.com/?uid=157&q={searchTerms}&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-746137067-1292428093-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-1292428093-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/18 00:12:04 | 000,000,000 | ---D | M]

[2010/07/11 18:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2012/05/17 07:53:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-746137067-1292428093-839522115-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-746137067-1292428093-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-746137067-1292428093-839522115-1003\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-746137067-1292428093-839522115-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Newsflash.lnk = C:\Program Files\Common Files\MySoftware\Newsflsh.exe (Avanquest USA LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-1292428093-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-746137067-1292428093-839522115-1003\..Trusted Domains: avanquest.com ([shop] https in Trusted sites)
O15 - HKU\S-1-5-21-746137067-1292428093-839522115-1003\..Trusted Domains: womansonline.com ([www] https in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab (Reg Error: Key error.)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://moneycentral.msn.com/cabs/pmupd806.exe (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} http://www2.snapfish.com/SnapfishActivia2.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (Reg Error: Key error.)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.38.33/ttinst.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AF3B3D1-174F-4476-988A-3084B5FA4446}: DhcpNameServer = 192.168.0.99
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:1 () - http://www.howrse.com/
O24 - Desktop WallPaper: C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/27 03:20:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/17 17:07:24 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2012/05/17 07:37:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/17 07:37:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/17 07:37:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/17 07:37:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/17 07:37:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/17 07:36:23 | 004,495,594 | R--- | C] (Swearware) -- C:\Documents and Settings\James\Desktop\ComboFix.exe
[2012/05/16 15:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/05/16 15:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/16 11:54:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Start Menu\Programs\SpyHunter
[2012/05/15 15:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\tdsskiller
[2012/05/15 15:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\New Folder (2)
[2012/05/15 09:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\My Digital Editions
[2012/05/15 09:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Start Menu\Programs\CompuClever
[2012/05/15 09:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\CompuClever
[2012/05/15 09:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CompuClever
[2012/05/15 09:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\CompuClever
[2012/05/14 21:30:39 | 000,101,112 | R--- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/05/14 21:30:39 | 000,042,864 | R--- | C] (GFI Software) -- C:\WINDOWS\System32\SBBD.EXE
[2012/05/13 22:51:37 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/05/13 22:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/05/13 21:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/05/13 21:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\HostsXpert
[2012/05/03 19:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\My Documents\New Folder
[2012/04/26 10:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\curriculm
[2012/04/18 20:56:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2012/04/18 20:56:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/17 17:29:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9ECE0870-82F7-463F-881D-6285D06B31D3}.job
[2012/05/17 17:07:33 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2012/05/17 17:05:33 | 000,079,207 | ---- | M] () -- C:\Documents and Settings\James\Desktop\pho22to.JPG
[2012/05/17 15:08:05 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\James\Desktop\MBR.dat
[2012/05/17 14:48:39 | 000,034,526 | ---- | M] () -- C:\Documents and Settings\James\Desktop\55.JPG
[2012/05/17 09:34:54 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Womans Online.url
[2012/05/17 09:31:51 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\James\Desktop\WOMANS.url
[2012/05/17 07:53:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/17 07:32:28 | 004,495,594 | R--- | M] (Swearware) -- C:\Documents and Settings\James\Desktop\ComboFix.exe
[2012/05/16 16:28:54 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2012/05/16 16:28:54 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/16 15:54:47 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/16 14:56:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/16 11:54:50 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\James\Desktop\SpyHunter.lnk
[2012/05/16 03:26:02 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\PC TuneUp Maestro Scan.job
[2012/05/15 10:09:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\James\defogger_reenable
[2012/05/15 09:57:19 | 000,358,774 | ---- | M] () -- C:\Documents and Settings\James\Desktop\CPI Breast Radiology 2011-answersheet.pdf
[2012/05/15 09:46:02 | 000,001,837 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/05/15 09:46:02 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
[2012/05/15 09:41:13 | 000,000,960 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\PC TuneUp Maestro.lnk
[2012/05/15 09:41:13 | 000,000,942 | ---- | M] () -- C:\Documents and Settings\James\Desktop\PC TuneUp Maestro.lnk
[2012/05/15 09:40:25 | 006,902,784 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Breast_Radiology_2011.epub
[2012/05/15 07:13:32 | 000,000,268 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Rad Assoc.url
[2012/05/14 21:55:20 | 000,001,296 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/05/14 21:52:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/14 21:52:26 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1292428093-839522115-1003.job
[2012/05/14 21:52:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/14 21:51:58 | 1609,879,552 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 07:42:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/13 18:20:46 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\James\My Documents\old christmasmml.bcf
[2012/05/13 18:20:46 | 000,086,872 | ---- | M] () -- C:\Documents and Settings\James\My Documents\old christmas.mml
[2012/05/13 18:20:46 | 000,002,788 | ---- | M] () -- C:\Documents and Settings\James\My Documents\old christmasmml.fsif
[2012/05/13 18:20:46 | 000,002,028 | ---- | M] () -- C:\Documents and Settings\James\My Documents\old christmasmml.msif
[2012/05/13 09:55:53 | 000,267,776 | ---- | M] () -- C:\Documents and Settings\James\My Documents\return addressmml.bcf
[2012/05/13 09:55:53 | 000,001,924 | ---- | M] () -- C:\Documents and Settings\James\My Documents\return address.mml
[2012/05/13 09:55:53 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\James\My Documents\return addressmml.fsif
[2012/05/13 09:55:53 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\James\My Documents\return addressmml.msif
[2012/05/12 23:13:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1292428093-839522115-1003.job
[2012/05/10 22:34:25 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Welcome to edline.net.url
[2012/05/10 06:42:46 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/05/10 03:48:49 | 000,407,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/10 03:26:11 | 000,484,620 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/10 03:26:11 | 000,080,634 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/10 03:17:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/09 10:25:22 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/07 19:25:55 | 000,060,900 | ---- | M] () -- C:\Documents and Settings\James\Desktop\picture-1_edited.jpg
[2012/05/05 13:23:06 | 023,552,369 | ---- | M] () -- C:\Documents and Settings\James\Desktop\angi.psd
[2012/05/03 16:49:58 | 002,107,228 | ---- | M] () -- C:\Documents and Settings\James\Desktop\angi.jpg
[2012/05/03 13:47:00 | 000,887,074 | ---- | M] () -- C:\Documents and Settings\James\Desktop\6thpg2-Brookshers.jpg
[2012/05/03 13:47:00 | 000,781,428 | ---- | M] () -- C:\Documents and Settings\James\Desktop\5thpgr3-Rogers-Sotile.jpg
[2012/05/03 13:44:38 | 001,155,806 | R--- | M] () -- C:\Documents and Settings\James\Desktop\IMGP9764.jpg
[2012/05/03 13:31:00 | 002,145,508 | ---- | M] () -- C:\Documents and Settings\James\Desktop\3boys.JPG
[2012/05/03 13:31:00 | 001,085,902 | ---- | M] () -- C:\Documents and Settings\James\Desktop\001_all_leaders2-with_Heidi_T1.jpg
[2012/05/03 13:31:00 | 000,781,428 | ---- | M] () -- C:\Documents and Settings\James\Desktop\5thpgr3-Rogers-Sotile1.jpg
[2012/05/03 13:31:00 | 000,777,031 | ---- | M] () -- C:\Documents and Settings\James\Desktop\3rdpgr3-Gudiel1.jpg
[2012/04/26 22:35:55 | 000,010,271 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Tiger Rant - LSU Sports Forum @ TigerDroppings.com.url
[2012/04/23 08:49:41 | 000,612,298 | ---- | M] () -- C:\Documents and Settings\James\Desktop\dupeCertPrintImage.jpg
[2012/04/18 20:56:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2012/04/18 20:56:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/17 15:08:05 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\James\Desktop\MBR.dat
[2012/05/17 14:48:50 | 000,079,207 | ---- | C] () -- C:\Documents and Settings\James\Desktop\pho22to.JPG
[2012/05/17 14:48:39 | 000,034,526 | ---- | C] () -- C:\Documents and Settings\James\Desktop\55.JPG
[2012/05/17 07:37:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/17 07:37:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/17 07:37:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/16 15:54:47 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/05/16 11:54:50 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\James\Desktop\SpyHunter.lnk
[2012/05/15 10:09:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James\defogger_reenable
[2012/05/15 09:57:19 | 000,358,774 | ---- | C] () -- C:\Documents and Settings\James\Desktop\CPI Breast Radiology 2011-answersheet.pdf
[2012/05/15 09:46:02 | 000,001,837 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/05/15 09:46:02 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/05/15 09:46:02 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
[2012/05/15 09:41:16 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\PC TuneUp Maestro Scan.job
[2012/05/15 09:41:13 | 000,000,960 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\PC TuneUp Maestro.lnk
[2012/05/15 09:41:13 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\James\Desktop\PC TuneUp Maestro.lnk
[2012/05/15 09:40:16 | 006,902,784 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Breast_Radiology_2011.epub
[2012/05/14 21:55:09 | 000,001,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/05/07 19:27:10 | 000,060,900 | ---- | C] () -- C:\Documents and Settings\James\Desktop\picture-1_edited.jpg
[2012/05/04 14:34:25 | 023,552,369 | ---- | C] () -- C:\Documents and Settings\James\Desktop\angi.psd
[2012/05/03 16:49:55 | 002,107,228 | ---- | C] () -- C:\Documents and Settings\James\Desktop\angi.jpg
[2012/05/03 15:47:09 | 001,155,806 | R--- | C] () -- C:\Documents and Settings\James\Desktop\IMGP9764.jpg
[2012/05/03 14:53:12 | 000,777,031 | ---- | C] () -- C:\Documents and Settings\James\Desktop\3rdpgr3-Gudiel1.jpg
[2012/05/03 14:53:09 | 000,887,074 | ---- | C] () -- C:\Documents and Settings\James\Desktop\6thpg2-Brookshers.jpg
[2012/05/03 14:52:28 | 000,781,428 | ---- | C] () -- C:\Documents and Settings\James\Desktop\5thpgr3-Rogers-Sotile.jpg
[2012/05/03 14:52:25 | 000,781,428 | ---- | C] () -- C:\Documents and Settings\James\Desktop\5thpgr3-Rogers-Sotile1.jpg
[2012/05/03 14:52:20 | 001,085,902 | ---- | C] () -- C:\Documents and Settings\James\Desktop\001_all_leaders2-with_Heidi_T1.jpg
[2012/05/03 14:52:16 | 002,145,508 | ---- | C] () -- C:\Documents and Settings\James\Desktop\3boys.JPG
[2012/04/23 08:49:41 | 000,612,298 | ---- | C] () -- C:\Documents and Settings\James\Desktop\dupeCertPrintImage.jpg
[2012/04/20 21:54:46 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Rad Assoc.url
[2012/04/19 06:38:37 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\James\Desktop\WOMANS.url
[2011/06/11 23:56:12 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2011/04/25 22:22:34 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/25 22:22:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/01/11 20:03:28 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2011/01/11 20:03:28 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2011/01/11 20:03:26 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2011/01/11 20:03:26 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\office.exe
[2010/12/18 09:07:33 | 000,000,200 | ---- | C] () -- C:\WINDOWS\MML_PRT.INI
[2010/12/07 10:48:20 | 000,519,551 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-746137067-1292428093-839522115-1003-0.dat
[2010/12/07 10:48:13 | 000,361,174 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/08/24 00:10:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/24 00:10:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/01 10:26:26 | 000,012,989 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft Excel.CAL

========== Files - Unicode (All) ==========
[2012/04/10 21:22:41 | 000,000,262 | ---- | M] ()(C:\Documents and Settings\James\Desktop\On this retreat.docx?(19KB)?.url) -- C:\Documents and Settings\James\Desktop\On this retreat.docx‎(19KB)‎.url
[2012/04/10 21:22:41 | 000,000,262 | ---- | C] ()(C:\Documents and Settings\James\Desktop\On this retreat.docx?(19KB)?.url) -- C:\Documents and Settings\James\Desktop\On this retreat.docx‎(19KB)‎.url

< End of report >

#8 gringo_pr

Bleepin Gringo

Malware Response Team
120,823 posts

Gender:Male
Location:Puerto rico

Posted 17 May 2012 - 09:28 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

Double-click OTL.exe to start the program.

Copy and Paste the following code into the Posted Image

textbox. Do not include the word Code

:OTL
IE - HKU\S-1-5-21-746137067-1292428093-839522115-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-746137067-1292428093-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = <http://search-gala.com/?uid=157&q={searchTerms}&rlz=1I7GGLL_en>
:Files
ipconfig /flushdns /c
:Commands
[PURITY]
[emptyjava]
[EMPTYFLASH]

Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo

#9 mdjr

Member

Members
26 posts

Posted 17 May 2012 - 10:02 PM

========== OTL ==========
HKEY_USERS\S-1-5-21-746137067-1292428093-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-746137067-1292428093-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\James\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\James\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: James
->Java cache emptied: 1392732 bytes

User: LocalService

User: mom
->Java cache emptied: 0 bytes

User: NetworkService

User: sarah
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 1.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: James
->Flash cache emptied: 126855 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: mom
->Flash cache emptied: 0 bytes

User: NetworkService

User: sarah
->Flash cache emptied: 12575 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.43.0 log created on 05172012_220317

#10 gringo_pr

Bleepin Gringo

Malware Response Team
120,823 posts

Gender:Male
Location:Puerto rico

Posted 17 May 2012 - 10:08 PM

how are things doing now?

gringo

#11 mdjr

Member

Members
26 posts

Posted 18 May 2012 - 08:58 AM

Good, haha. It turns out that an add-on somehow got installed and replaced our default web browser. I was able to find it and delete it though so its all good. I'm sorry that the problem was so simple and thank you for your time.

#12 gringo_pr

Bleepin Gringo

Malware Response Team
120,823 posts

Gender:Male
Location:Puerto rico

Posted 18 May 2012 - 04:00 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
please copy and past the following into the box

C:\Qoobox\Add-Remove Programs.txt

click ok

copy and paste the report into this topic for me to review

Gringo

#13 mdjr

Member

Members
26 posts

Posted 18 May 2012 - 08:32 PM

My son was quite proud of himself for having identified the browser switch which is fine as long as the browser hijack isn't still living here.

jr

ComboFix 12-05-18.03 - James 05/18/2012 17:26:02.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.814 [GMT -5:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
.
.
2012-05-18 03:33 . 2012-05-18 03:33 -------- d-----w- c:\program files\DownloadXCtrl.com
2012-05-18 03:03 . 2012-05-18 03:03 -------- d-----w- C:\_OTL
2012-05-16 20:54 . 2012-05-16 20:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-05-16 20:54 . 2012-05-16 20:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-05-16 20:54 . 2012-05-16 20:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-05-16 20:54 . 2012-05-16 20:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-05-16 20:54 . 2012-05-16 20:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-05-16 20:54 . 2012-05-16 20:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-05-16 20:54 . 2012-05-16 20:54 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-05-16 20:54 . 2012-05-16 20:54 -------- d-----w- c:\program files\QuickTime
2012-05-16 16:54 . 2012-05-16 16:54 110080 ----a-r- c:\documents and settings\James\Application Data\Microsoft\Installer\{9710BF34-7997-4E06-BF75-B0E738B7C7B3}\IconF7A21AF7.exe
2012-05-16 16:54 . 2012-05-16 16:54 110080 ----a-r- c:\documents and settings\James\Application Data\Microsoft\Installer\{9710BF34-7997-4E06-BF75-B0E738B7C7B3}\IconD7F16134.exe
2012-05-16 16:54 . 2012-05-16 16:54 110080 ----a-r- c:\documents and settings\James\Application Data\Microsoft\Installer\{9710BF34-7997-4E06-BF75-B0E738B7C7B3}\IconCAE74F08.exe
2012-05-16 15:35 . 2012-05-16 16:54 -------- d-----w- c:\windows\9710BF3479974E06BF75B0E738B7C7B3.TMP
2012-05-15 14:41 . 2012-05-15 14:41 -------- d-----w- c:\documents and settings\James\Application Data\CompuClever
2012-05-15 14:41 . 2012-05-15 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\CompuClever
2012-05-15 14:41 . 2012-05-15 14:41 -------- d-----w- c:\program files\CompuClever
2012-05-15 02:30 . 2012-01-19 15:22 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-05-15 02:30 . 2012-01-12 14:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-05-14 03:51 . 2012-05-16 16:54 -------- d-----w- C:\sh4ldr
2012-05-14 03:51 . 2012-05-14 03:51 -------- d-----w- c:\program files\Enigma Software Group
2012-05-14 02:32 . 2012-05-16 16:54 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-05-14 02:32 . 2012-05-16 15:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:12 . 2004-08-03 21:17 1862272 ------w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2004-08-03 21:20 2192640 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-03 22:59 2069120 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 20:56 . 2010-03-01 04:08 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-01 01:40 . 2012-04-01 01:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-01 01:40 . 2011-07-16 03:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:01 . 2004-08-03 22:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2004-08-03 22:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-03 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2004-08-03 22:56 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-03 22:56 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-03 20:59 385024 ----a-w- c:\windows\system32\html.iec
2012-02-25 15:47 . 2010-06-19 16:42 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2006-09-28 21:55 . 2006-09-28 21:55 74520 ----a-w- c:\program files\DSETUP.dll
2006-09-28 21:55 . 2006-09-28 21:55 484632 ----a-w- c:\program files\DXSETUP.exe
2006-09-28 21:55 . 2006-09-28 21:55 2248984 ----a-w- c:\program files\dsetup32.dll
2005-09-12 22:56 . 2005-09-12 22:56 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-18 296056]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2012-05-04 5053344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Newsflash.lnk - c:\program files\Common Files\MySoftware\Newsflsh.exe [2011-12-23 233472]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\PracticeBuilder\\pbuilder.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Pocket Tanks Deluxe\\pockettanks.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 atitray;atitray;c:\progra~1\NGOATI~1.4\ATT\atitray.sys [3/21/2005 12:50 AM 6656]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [4/2/2012 8:22 PM 332248]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/14/2012 9:30 PM 101112]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/2/2012 8:22 PM 212568]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [6/19/2010 11:42 AM 10448]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [9/6/2006 8:06 AM 70016]
R2 PACS Client Updater;PACS Client Updater;c:\program files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe [12/22/2008 8:48 PM 24576]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [5/6/2011 4:57 PM 13904]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [3/18/2010 4:01 AM 40912]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [3/18/2010 4:01 AM 10448]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [4/2/2012 8:22 PM 69208]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 iniNpfs;iniNpfs;\??\c:\windows\system32\drivers\cdfltmgr.sys --> c:\windows\system32\drivers\cdfltmgr.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [5/4/2012 6:21 PM 737184]
S3 ASUSHWIO;ASUSHWIO;\??\c:\windows\system32\drivers\ASUSHWIO.sys --> c:\windows\system32\drivers\ASUSHWIO.sys [?]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [3/7/2008 11:24 PM 96256]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [4/2/2012 8:22 PM 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [4/2/2012 8:22 PM 94040]
S3 SDVC05;USB SDVC05;c:\windows\system32\drivers\SDVC05.sys [1/2/2006 4:29 PM 18088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [4/27/2005 3:33 AM 176256]
S4 HGKSM;HGKSM;c:\docume~1\James\LOCALS~1\Temp\HGKSM.exe --> c:\docume~1\James\LOCALS~1\Temp\HGKSM.exe [?]
S4 TUA;TUA;c:\docume~1\James\LOCALS~1\Temp\TUA.exe --> c:\docume~1\James\LOCALS~1\Temp\TUA.exe [?]
S4 WZASZYMY;WZASZYMY;c:\docume~1\James\LOCALS~1\Temp\WZASZYMY.exe --> c:\docume~1\James\LOCALS~1\Temp\WZASZYMY.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 09804360
*NewlyCreated* - 27043114
*NewlyCreated* - 49366577
*NewlyCreated* - ASWMBR
*NewlyCreated* - SPYHUNTER_4_SERVICE
*Deregistered* - 09804360
*Deregistered* - 27043114
*Deregistered* - 49366577
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2008-12-19 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2008-12-19 00:30]
.
2012-05-16 c:\windows\Tasks\PC TuneUp Maestro Scan.job
- c:\program files\CompuClever\PC TuneUp Maestro\pctum.exe [2012-04-25 05:56]
.
2012-05-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-1292428093-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 22:02]
.
2012-05-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-1292428093-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 22:02]
.
2012-05-18 c:\windows\Tasks\User_Feed_Synchronization-{9ECE0870-82F7-463F-881D-6285D06B31D3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: avanquest.com\shop
Trusted Zone: womansonline.com\www
TCP: DhcpNameServer = 192.168.0.99
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - hxxp://www2.snapfish.com/SnapfishActivia2.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-18 17:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-746137067-1292428093-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f4,d8,53,fe,1b,e1,4d,49,b6,3e,1e,2a,a6,02,5d,e1,0f,4a,ba,01,0d,03,80,
47,31,29,4a,71,c8,1c,df,99,f7,98,9a,dc,72,9e,49,ad,f8,62,b5,6d,8e,0d,c4,ec,\
"??"=hex:50,00,f6,37,79,55,c8,87,71,f0,ac,01,d7,89,c5,48
.
[HKEY_USERS\S-1-5-21-746137067-1292428093-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:aa,37,2d,d7,27,ab,13,77,51,7c,6e,68,90,71,c1,eb,3d,89,86,ef,a4,
cd,ad,41,82,b6,db,54,49,ce,fb,92,57,5b,16,02,51,cf,fd,bc,79,3a,73,98,18,f7,\
"rkeysecu"=hex:11,da,88,d0,ae,e2,0f,9a,76,5b,73,45,30,3f,d0,4f
.
[HKEY_LOCAL_MACHINE\software\ASUS\ASUS Probe\2.22.00]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1716)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(9564)
c:\windows\system32\WININET.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-18 17:44:17
ComboFix-quarantined-files.txt 2012-05-18 22:44
ComboFix2.txt 2012-05-17 12:58
.
Pre-Run: 148,997,099,520 bytes free
Post-Run: 149,094,109,184 bytes free
.
- - End Of File - - D007D28F3BE30AC849DAD5DC6BC75E1A

Ad-Aware Browsing Protection
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 6.0
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.0
AGEIA PhysX v2.4.4
AGFA IMPAX Client 6.3.1.2816
AnalogX Vocal Remover
AnalogX Vocal Remover (WinAmp)
Anark Client 1.0
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoBase 4.5
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ArcSoft ShowBiz 2
ASUS Probe V2.22.00
AsusUpdate
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
Avanquest update
Blaze Audio RipEditBurn PLUS Trial
Bluetooth Wireless Technology Synchronization Plug-in
Bonjour
CADstreamClient 4.1.3.963
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCScore
Chaos Pack v1.1 for Pocket Tanks Deluxe
Compatibility Pack for the 2007 Office system
Corel Photo Album 6
Coupon Printer for Windows
Creative MediaSource 5
Creative Software AutoUpdate
Creative Vado HD Codec
DownloadX ActiveX Download Control 1.6.5
EAWMapEditor
EPSON Print CD
EPSON Printer Software
EPSON R280 User's Guide
EPSON Web-To-Page
eRAD PACS Viewer
eReg
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
FileZilla Client 3.5.1
Film Factory
Flamethrower Pack v1.1 for Pocket Tanks Deluxe
Fuzz Pack v1.0 for Pocket Tanks Deluxe
Garmin City Navigator North America NT 2009 Update
Garmin USB Drivers
Garmin WebUpdater
Google Earth
Gravity Pack v1.1 for Pocket Tanks Deluxe
Guitar Pro 5.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
HP DVD Writer
iDump (Freeware) Build:29
Instant Photo Effects 2.0
iPhone Configuration Utility
iPod for Windows 2005-11-17
iPod for Windows 2006-03-23
iTunes
Java Auto Updater
Java™ 6 Update 31
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Knctr
Kodak EasyShare software
Logitech iTouch Software
Logitech SetPoint 6.15
LP Recorder
LP Ripper
Magic Pack v1.0 for Pocket Tanks Deluxe
Malwarebytes Anti-Malware version 1.61.0.1400
McDougal Littell Test Generator
MediaLife
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft ActiveSync
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel Viewer 2003
Microsoft Office Outlook 2003
Microsoft Office Outlook 2007
Microsoft Office Outlook 2007 Trial
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Picture It! Photo 7.0
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Streets and Trips 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
MP3 Rocket
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Musicnotes Player V1.23.2 and Viewer
muvee autoProducer DVD Edition - HPC
MyDVD
MyMailList & AddressBook
MyMailList Deluxe
Nano Pack v1.0 for Pocket Tanks Deluxe
Napster
Napster Burn Engine
Nero Suite
netbrdg
Newsflash
Nuke Pack v1.1 for Pocket Tanks Deluxe
NVIDIA Drivers
office Convert Pdf to Jpg Jpeg Tiff Free 6.4
OfotoXMI
OGA Notifier 2.0.0048.0
OTOY
Party Pack for Pocket Tanks Deluxe
PC TuneUp Maestro
Picasa 3
Pocket Tanks 1.00b
Pocket Tanks Deluxe v1.3
PowerDVD
Quicken 2008
QuickTime
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RecordNow
Rocket Pack v1.0 for Pocket Tanks Deluxe
Safari
Screenblast Movie Studio 3.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
SFR
SHASTA
Shockwave
skin0001
SKINXSDK
Snowball Pack v1.1 for Pocket Tanks Deluxe
Sony Preset Manager 2.0e
Sony Sound Forge Audio Studio 9.0
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
SpyHunter
staticcr
Super Pack v1.11 for Pocket Tanks Deluxe
SUPERAntiSpyware
Swiff Player 1.1
The Print Shop
Timeline Maker Professional
tooltips
TreeSize Free V2.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoiceOver Kit
VPN Client
VPRINTOL
Wave Corrector DeClick version 1.0
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
Works Suite OS Pack
Yahoo! Software Update

#14 gringo_pr

Bleepin Gringo

Malware Response Team
120,823 posts

Gender:Male
Location:Puerto rico

Posted 18 May 2012 - 09:44 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 9.3.3
Coupon Printer for Windows
Java™ 6 Update 31
MP3 Rocket
[/list]

Please download and install Revo Uninstaller Free
Double click Revo Uninstaller to run it.
From the list of programs double click on The Program to remove
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.

.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close

Clean Out Temp Files

This small application you may want to keep and use once a week to keep the computer clean.

Download CCleaner from here http://www.ccleaner.com/
Run the installer to install the application.
When it gives you the option to install Yahoo toolbar uncheck the box next to it.
Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
Click Run Cleaner.
Close CCleaner.

: Malwarebytes' Anti-Malware :

I would like you to rerun MBAM
Double-click mbam icon
go to the update tab at the top
click on check for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Go Here to download HijackThis Installer
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

In your next post I need the following

Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Gringo

#15 mdjr

Member

Members
26 posts

Posted 19 May 2012 - 03:32 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.14.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
James :: FAMILYRUIZ [administrator]

5/19/2012 3:08:54 PM
mbam-log-2012-05-19 (15-08-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257651
Time elapsed: 6 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:31:56 PM, on 5/19/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\explorer.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Newsflash.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} - http://www2.snapfish.com/SnapfishActivia2.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.toontown.com/sv1.0.38.33/ttinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: PACS Client Updater - Agfa Healthcare - C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O24 - Desktop Component 1: (no name) - http://www.howrse.com/

--
End of file - 10862 bytes

thanks for your help.

system seems to be running much better.

jr