Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Spyware

Started by Jason L. , Jun 15 2012 01:33 PM

Next

This topic is locked

21 replies to this topic

#1 Jason L.

New Member

Members
12 posts

Posted 15 June 2012 - 01:33 PM

My computer became infected with spyware, and it has cause my computer to slow down to extremely slow speeds. I scanned my computer with AVG, it removed the spyware from my computer, but my computer is still really slow. The spyware I believe also disabled me to access task manager, but I enabled back access. This happened ~3 weeks ago, but I haven't used my computer much since then because of the slow speeds.

Here is the log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Compaq_Owner at 11:14:27 on 2012-06-15
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.115 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Owner.LEI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner.LEI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner.LEI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner.LEI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner.LEI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner.LEI\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page =
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uWindow Title = Windows Internet Explorer provided by Yahoo!
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - c:\program files\d-link toolbar\dlinktb.dll
TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - c:\program files\d-link toolbar\dlinktb.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
uPolicies-explorer: NoFolderOptions = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F8F5713C-D2CC-4CC0-A376-CAA2038446F9} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mi1933~1\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office12\GRA8E1~1.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-11 935480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-12 04:48:37 -------- d-----w- c:\windows\system32\cache
2012-05-31 22:59:00 -------- d-----w- c:\documents and settings\compaq_owner.lei\application data\AVG2012
2012-05-31 22:57:16 -------- d-----w- c:\documents and settings\compaq_owner.lei\local settings\application data\AVG Secure Search
2012-05-31 22:56:53 -------- d-----w- c:\documents and settings\compaq_owner.lei\application data\AVG Secure Search
2012-05-31 22:56:52 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-05-31 22:56:49 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-05-31 22:56:48 -------- d-----w- c:\program files\AVG Secure Search
2012-05-31 22:56:10 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-05-31 22:55:13 -------- d--h--w- C:\$AVG
2012-05-31 22:55:13 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-31 22:55:13 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-05-31 22:40:51 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-05-29 00:12:28 -------- d-----w- c:\documents and settings\compaq_owner.lei\local settings\application data\CheatEngine_Forum_-_Krypt
2012-05-29 00:08:24 -------- d-----w- c:\windows\system32\XPSViewer
2012-05-29 00:07:43 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-05-29 00:06:52 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-05-29 00:06:52 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-05-29 00:06:52 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-05-29 00:06:52 117760 ------w- c:\windows\system32\prntvpt.dll
2012-05-29 00:06:51 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-05-29 00:06:51 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-05-29 00:06:51 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-05-29 00:06:51 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-05-29 00:06:51 -------- d-----w- C:\2452eb4f43d2ea482e0b0c0d54
2012-05-29 00:03:52 -------- d-----w- c:\program files\MSXML 6.0
2012-05-19 21:51:07 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-05-19 21:51:07 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2012-05-19 21:51:01 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-05-19 21:51:01 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2012-05-19 21:50:50 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-05-19 21:50:50 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2012-05-19 05:43:39 -------- d-----w- c:\program files\NCH Software
2012-05-19 05:43:10 -------- d-----w- c:\documents and settings\compaq_owner.lei\application data\NCH Software
.
==================== Find3M ====================
.
2012-04-19 11:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-03-19 12:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
============= FINISH: 11:17:01.43 ===============

Back to top

BC Ads
BleepingComputer.com

#2 gringo_pr

Bleepin Gringo

Malware Response Team
120,511 posts

Gender:Male
Location:Puerto rico

Posted 15 June 2012 - 11:58 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Back to top

#3 Jason L.

New Member

Members
12 posts

Posted 16 June 2012 - 12:05 PM

Hi gringo,

I'm having a problem with combofix, the part where it scans for viruses or something, I've left it there for over an hour, but it hasn't completed, it says it is usually finished in 10 mins...My computer is still very slow. Thanks for your help.

Back to top

#4 Jason L.

New Member

Members
12 posts

Posted 16 June 2012 - 12:13 PM

Oh and

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2012
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Reader X (10.1.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

Back to top

#5 gringo_pr

Bleepin Gringo

Malware Response Team
120,511 posts

Gender:Male
Location:Puerto rico

Posted 16 June 2012 - 12:16 PM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Back to top

#6 Jason L.

New Member

Members
12 posts

Posted 16 June 2012 - 08:46 PM

Here it is:

ComboFix 12-06-15.06 - Compaq_Owner 06/16/2012 18:03:32.1.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.236 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner.LEI\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\trialkey.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\Compaq_Owner.LEI\WINDOWS
c:\documents and settings\Compaq_Owner\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\victoria ashley lei\WINDOWS
C:\LOG18B.tmp
C:\LOG1D.tmp
c:\program files\Common Files\Companion Wizard
c:\program files\Internet Antivirus
c:\program files\Internet Antivirus\activate.ico
c:\program files\Internet Antivirus\db\config.cfg
c:\program files\Internet Antivirus\db\DBInfo.ver
c:\program files\Internet Antivirus\Explorer.ico
c:\program files\Internet Antivirus\history!.txt
c:\program files\Internet Antivirus\unins000.dat
c:\program files\Internet Antivirus\uninstall.ico
c:\program files\Internet Antivirus\working.log
c:\windows\explorer(2).exe
c:\windows\SET45B.tmp
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\4deaea3c1b86f35d.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\Sysvxd.exe
C:\xcrashdump.dat
D:\Autorun.inf
.
c:\windows\system32\drivers\intelppm.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))
.
.
2012-06-02 16:43 . 2012-06-17 01:19 -------- d-----w- c:\documents and settings\Administrator
2012-05-31 22:59 . 2012-05-31 22:59 -------- d-----w- c:\documents and settings\Compaq_Owner.LEI\Application Data\AVG2012
2012-05-31 22:56 . 2012-05-31 22:56 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-05-31 22:40 . 2012-06-16 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-05-29 00:12 . 2012-05-29 00:27 -------- d-----w- c:\documents and settings\Compaq_Owner.LEI\Local Settings\Application Data\CheatEngine_Forum_-_Krypt
2012-05-29 00:08 . 2012-05-29 00:08 -------- d-----w- c:\windows\system32\XPSViewer
2012-05-29 00:08 . 2012-05-29 00:08 -------- d-----w- c:\program files\Reference Assemblies
2012-05-29 00:07 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-05-29 00:06 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-05-29 00:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-05-29 00:06 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-05-29 00:06 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-05-29 00:06 . 2012-05-29 00:07 -------- d-----w- C:\2452eb4f43d2ea482e0b0c0d54
2012-05-29 00:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-05-29 00:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-05-29 00:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-05-29 00:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-05-29 00:03 . 2012-05-29 00:03 -------- d-----w- c:\program files\MSXML 6.0
2012-05-19 21:51 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-05-19 21:51 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2012-05-19 21:51 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-05-19 21:51 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2012-05-19 21:50 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-05-19 21:50 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2012-05-19 05:44 . 2012-05-26 05:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2012-05-19 05:43 . 2012-06-13 04:13 -------- d-----w- c:\program files\NCH Software
2012-05-19 05:43 . 2012-05-26 06:15 -------- d-----w- c:\documents and settings\Compaq_Owner.LEI\Application Data\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 05:40 . 2012-04-19 05:40 53248 ----a-r- c:\documents and settings\Compaq_Owner.LEI\Application Data\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-10 180269]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=c:\windows\pss\SpySubtract.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-07 01:07 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-12-12 00:31 722256 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-21 04:45 136176 ----atw- c:\documents and settings\Compaq_Owner.LEI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 08:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-26 05:34 245760 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 09:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 21:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715746155-2014057635-2032352796-1009Core.job
- c:\documents and settings\Compaq_Owner.LEI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-21 04:45]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715746155-2014057635-2032352796-1009UA.job
- c:\documents and settings\Compaq_Owner.LEI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-21 04:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-16 18:22
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-16 18:29:29
ComboFix-quarantined-files.txt 2012-06-17 01:29
.
Pre-Run: 103,513,878,528 bytes free
Post-Run: 108,860,985,344 bytes free
.
- - End Of File - - 84F06E9AE93A3EC4017D37487FDC575D

Back to top

#7 gringo_pr

Bleepin Gringo

Malware Response Team
120,511 posts

Gender:Male
Location:Puerto rico

Posted 16 June 2012 - 09:41 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Back to top

#8 Jason L.

New Member

Members
12 posts

Posted 16 June 2012 - 11:07 PM

Here:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-16 20:37:05
-----------------------------
20:37:05.218 OS Version: Windows 5.1.2600 Service Pack 2
20:37:05.218 Number of processors: 1 586 0xC00
20:37:05.218 ComputerName: LEI UserName:
20:37:09.390 Initialize success
20:40:29.046 AVAST engine defs: 12061601
20:40:44.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:40:44.406 Disk 0 Vendor: SAMSUNG_SP1604N TM100-24 Size: 152627MB BusType: 3
20:40:44.437 Disk 0 MBR read successfully
20:40:44.437 Disk 0 MBR scan
20:40:44.781 Disk 0 unknown MBR code
20:40:44.812 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 6142 MB offset 63
20:40:44.828 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 146475 MB offset 12579840
20:40:44.875 Disk 0 scanning sectors +312560640
20:40:45.312 Disk 0 scanning C:\WINDOWS\system32\drivers
20:41:04.390 Service scanning
20:41:58.500 Modules scanning
20:42:26.875 Disk 0 trace - called modules:
20:42:26.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
20:42:27.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b24030]
20:42:27.421 3 CLASSPNP.SYS[f762605b] -> nt!IofCallDriver -> \Device\00000058[0x82b93e98]
20:42:27.421 5 ACPI.sys[f749c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82b95150]
20:42:29.765 AVAST engine scan C:\WINDOWS
20:42:57.250 AVAST engine scan C:\WINDOWS\system32
20:51:28.546 AVAST engine scan C:\WINDOWS\system32\drivers
20:51:51.609 AVAST engine scan C:\Documents and Settings\Compaq_Owner.LEI
20:59:02.328 AVAST engine scan C:\Documents and Settings\All Users
21:02:58.843 Scan finished successfully
21:04:17.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Owner.LEI\Desktop\MBR.dat"
21:04:17.484 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Owner.LEI\Desktop\aswMBR.txt"

And:

20:31:53.0546 2488 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
20:31:54.0187 2488 ============================================================
20:31:54.0187 2488 Current date / time: 2012/06/16 20:31:54.0187
20:31:54.0187 2488 SystemInfo:
20:31:54.0187 2488
20:31:54.0187 2488 OS Version: 5.1.2600 ServicePack: 2.0
20:31:54.0187 2488 Product type: Workstation
20:31:54.0187 2488 ComputerName: LEI
20:31:54.0187 2488 UserName: Compaq_Owner
20:31:54.0187 2488 Windows directory: C:\WINDOWS
20:31:54.0187 2488 System windows directory: C:\WINDOWS
20:31:54.0187 2488 Processor architecture: Intel x86
20:31:54.0187 2488 Number of processors: 1
20:31:54.0187 2488 Page size: 0x1000
20:31:54.0187 2488 Boot type: Normal boot
20:31:54.0187 2488 ============================================================
20:31:59.0578 2488 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
20:31:59.0703 2488 ============================================================
20:31:59.0703 2488 \Device\Harddisk0\DR0:
20:31:59.0750 2488 MBR partitions:
20:31:59.0750 2488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xBFF3C1
20:31:59.0750 2488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xBFF400, BlocksNum 0x11E15800
20:31:59.0750 2488 ============================================================
20:31:59.0906 2488 C: <-> \Device\Harddisk0\DR0\Partition1
20:31:59.0937 2488 D: <-> \Device\Harddisk0\DR0\Partition0
20:31:59.0937 2488 ============================================================
20:31:59.0937 2488 Initialize success
20:31:59.0937 2488 ============================================================
20:32:02.0218 2088 ============================================================
20:32:02.0218 2088 Scan started
20:32:02.0218 2088 Mode: Manual;
20:32:02.0218 2088 ============================================================
20:32:02.0937 2088 Abiosdsk - ok
20:32:02.0953 2088 abp480n5 - ok
20:32:03.0062 2088 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:32:03.0140 2088 ACPI - ok
20:32:03.0171 2088 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:32:03.0187 2088 ACPIEC - ok
20:32:03.0203 2088 adpu160m - ok
20:32:03.0296 2088 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
20:32:03.0359 2088 aec - ok
20:32:03.0437 2088 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
20:32:03.0484 2088 AFD - ok
20:32:04.0015 2088 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:32:04.0453 2088 AgereSoftModem - ok
20:32:04.0468 2088 Aha154x - ok
20:32:04.0484 2088 aic78u2 - ok
20:32:04.0500 2088 aic78xx - ok
20:32:05.0359 2088 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
20:32:06.0125 2088 ALCXWDM - ok
20:32:06.0531 2088 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
20:32:06.0546 2088 Alerter - ok
20:32:06.0593 2088 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
20:32:06.0625 2088 ALG - ok
20:32:06.0703 2088 AliIde - ok
20:32:06.0765 2088 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
20:32:06.0781 2088 AmdK8 - ok
20:32:06.0796 2088 amsint - ok
20:32:06.0968 2088 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:32:07.0015 2088 Apple Mobile Device - ok
20:32:07.0031 2088 AppMgmt - ok
20:32:07.0125 2088 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:32:07.0156 2088 Arp1394 - ok
20:32:07.0171 2088 asc - ok
20:32:07.0187 2088 asc3350p - ok
20:32:07.0203 2088 asc3550 - ok
20:32:07.0406 2088 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:32:07.0562 2088 aspnet_state - ok
20:32:07.0609 2088 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:32:07.0625 2088 AsyncMac - ok
20:32:07.0687 2088 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:32:07.0687 2088 atapi - ok
20:32:07.0734 2088 Atdisk - ok
20:32:07.0765 2088 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:32:07.0796 2088 Atmarpc - ok
20:32:07.0859 2088 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
20:32:07.0890 2088 AudioSrv - ok
20:32:07.0906 2088 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:32:07.0906 2088 audstub - ok
20:32:07.0968 2088 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:32:07.0968 2088 Beep - ok
20:32:08.0156 2088 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
20:32:08.0359 2088 BITS - ok
20:32:08.0609 2088 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:32:08.0765 2088 Bonjour Service - ok
20:32:08.0859 2088 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
20:32:08.0890 2088 Browser - ok
20:32:09.0093 2088 catchme - ok
20:32:09.0140 2088 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:32:09.0140 2088 cbidf2k - ok
20:32:09.0156 2088 cd20xrnt - ok
20:32:09.0203 2088 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:32:09.0218 2088 Cdaudio - ok
20:32:09.0281 2088 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
20:32:09.0312 2088 Cdfs - ok
20:32:09.0375 2088 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:32:09.0390 2088 Cdrom - ok
20:32:09.0406 2088 Changer - ok
20:32:09.0484 2088 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
20:32:09.0484 2088 CiSvc - ok
20:32:09.0515 2088 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
20:32:09.0531 2088 ClipSrv - ok
20:32:09.0703 2088 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:32:09.0750 2088 clr_optimization_v2.0.50727_32 - ok
20:32:09.0953 2088 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:32:10.0218 2088 clr_optimization_v4.0.30319_32 - ok
20:32:10.0234 2088 CmdIde - ok
20:32:10.0250 2088 COMSysApp - ok
20:32:10.0296 2088 Cpqarray - ok
20:32:10.0359 2088 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
20:32:10.0375 2088 CryptSvc - ok
20:32:10.0390 2088 dac2w2k - ok
20:32:10.0406 2088 dac960nt - ok
20:32:10.0609 2088 DcomLaunch (5c83a4408604f737717ab96371201680) C:\WINDOWS\system32\rpcss.dll
20:32:10.0750 2088 DcomLaunch - ok
20:32:10.0875 2088 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll
20:32:10.0921 2088 Dhcp - ok
20:32:10.0984 2088 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
20:32:11.0046 2088 Disk - ok
20:32:11.0062 2088 dmadmin - ok
20:32:11.0406 2088 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
20:32:11.0687 2088 dmboot - ok
20:32:11.0765 2088 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
20:32:11.0843 2088 dmio - ok
20:32:11.0859 2088 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:32:11.0875 2088 dmload - ok
20:32:11.0921 2088 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
20:32:11.0937 2088 dmserver - ok
20:32:12.0015 2088 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
20:32:12.0031 2088 DMusic - ok
20:32:12.0109 2088 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
20:32:12.0125 2088 Dnscache - ok
20:32:12.0140 2088 dpti2o - ok
20:32:12.0203 2088 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
20:32:12.0203 2088 drmkaud - ok
20:32:12.0218 2088 EagleXNt - ok
20:32:12.0281 2088 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
20:32:12.0281 2088 ERSvc - ok
20:32:12.0375 2088 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
20:32:12.0421 2088 Eventlog - ok
20:32:12.0546 2088 EventSystem (acd36a2dd7d1e9d8a060aa651dc07e63) C:\WINDOWS\system32\es.dll
20:32:12.0640 2088 EventSystem - ok
20:32:12.0750 2088 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
20:32:12.0812 2088 Fastfat - ok
20:32:12.0875 2088 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
20:32:12.0921 2088 fasttx2k - ok
20:32:13.0000 2088 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
20:32:13.0046 2088 FastUserSwitchingCompatibility - ok
20:32:13.0187 2088 Fax (fcbd571fa0ee8dc238944ae5fab74461) C:\WINDOWS\system32\fxssvc.exe
20:32:13.0281 2088 Fax - ok
20:32:13.0328 2088 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:32:13.0343 2088 Fdc - ok
20:32:13.0390 2088 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
20:32:13.0406 2088 Fips - ok
20:32:13.0421 2088 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:32:13.0437 2088 Flpydisk - ok
20:32:13.0515 2088 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:32:13.0562 2088 FltMgr - ok
20:32:13.0718 2088 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:32:13.0750 2088 FontCache3.0.0.0 - ok
20:32:13.0796 2088 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:32:13.0796 2088 Fs_Rec - ok
20:32:13.0890 2088 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:32:13.0937 2088 Ftdisk - ok
20:32:14.0000 2088 gagp30kx (4216cd545e5c30807b560c5dcaa812e6) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
20:32:14.0015 2088 gagp30kx - ok
20:32:14.0093 2088 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:32:14.0109 2088 GEARAspiWDM - ok
20:32:14.0171 2088 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:32:14.0203 2088 Gpc - ok
20:32:14.0343 2088 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:32:14.0359 2088 helpsvc - ok
20:32:14.0421 2088 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
20:32:14.0421 2088 HidServ - ok
20:32:14.0484 2088 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:32:14.0500 2088 HidUsb - ok
20:32:14.0515 2088 hpn - ok
20:32:14.0671 2088 HTTP (bfb7b73c942e816c4fb4a5a7bae87136) C:\WINDOWS\system32\Drivers\HTTP.sys
20:32:14.0765 2088 HTTP - ok
20:32:14.0812 2088 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
20:32:14.0828 2088 HTTPFilter - ok
20:32:14.0843 2088 i2omgmt - ok
20:32:14.0859 2088 i2omp - ok
20:32:14.0937 2088 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:32:14.0953 2088 i8042prt - ok
20:32:15.0187 2088 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:32:15.0218 2088 IDriverT - ok
20:32:15.0687 2088 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:32:16.0046 2088 idsvc - ok
20:32:16.0093 2088 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:32:16.0125 2088 Imapi - ok
20:32:16.0250 2088 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
20:32:16.0312 2088 ImapiService - ok
20:32:16.0343 2088 ini910u - ok
20:32:16.0390 2088 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:32:16.0406 2088 IntelIde - ok
20:32:16.0421 2088 intelppm - ok
20:32:16.0453 2088 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:32:16.0468 2088 Ip6Fw - ok
20:32:16.0500 2088 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:32:16.0515 2088 IpFilterDriver - ok
20:32:16.0546 2088 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:32:16.0546 2088 IpInIp - ok
20:32:16.0640 2088 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:32:16.0718 2088 IpNat - ok
20:32:17.0156 2088 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
20:32:17.0546 2088 iPod Service - ok
20:32:18.0203 2088 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:32:18.0312 2088 IPSec - ok
20:32:18.0437 2088 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:32:18.0453 2088 IRENUM - ok
20:32:18.0531 2088 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:32:18.0546 2088 isapnp - ok
20:32:18.0781 2088 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
20:32:18.0843 2088 JavaQuickStarterService - ok
20:32:18.0890 2088 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:32:18.0906 2088 Kbdclass - ok
20:32:19.0031 2088 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
20:32:19.0093 2088 kmixer - ok
20:32:19.0187 2088 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
20:32:19.0250 2088 KSecDD - ok
20:32:19.0359 2088 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll
20:32:19.0390 2088 lanmanserver - ok
20:32:19.0500 2088 lanmanworkstation (2c0a7b2ae9c26f2c163627679b42783c) C:\WINDOWS\System32\wkssvc.dll
20:32:19.0562 2088 lanmanworkstation - ok
20:32:19.0578 2088 lbrtfdc - ok
20:32:19.0718 2088 LightScribeService (9bd7add61b031307dd075e5e6a917c4d) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
20:32:19.0734 2088 LightScribeService - ok
20:32:19.0796 2088 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
20:32:19.0796 2088 LmHosts - ok
20:32:20.0031 2088 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe
20:32:20.0140 2088 McciCMService - ok
20:32:20.0328 2088 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:32:20.0437 2088 MDM - ok
20:32:20.0500 2088 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
20:32:20.0515 2088 Messenger - ok
20:32:20.0671 2088 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:32:20.0687 2088 Microsoft Office Groove Audit Service - ok
20:32:20.0750 2088 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:32:20.0765 2088 mnmdd - ok
20:32:20.0796 2088 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
20:32:20.0812 2088 mnmsrvc - ok
20:32:20.0890 2088 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
20:32:20.0906 2088 Modem - ok
20:32:20.0937 2088 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:32:20.0937 2088 Mouclass - ok
20:32:20.0984 2088 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:32:20.0984 2088 mouhid - ok
20:32:21.0062 2088 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
20:32:21.0109 2088 MountMgr - ok
20:32:21.0125 2088 mraid35x - ok
20:32:21.0218 2088 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:32:21.0281 2088 MRxDAV - ok
20:32:21.0453 2088 MRxSmb (5ddc9a1b2eb5a4bf010ce8c019a18c1f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:32:21.0609 2088 MRxSmb - ok
20:32:21.0687 2088 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
20:32:21.0703 2088 MSDTC - ok
20:32:21.0796 2088 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
20:32:21.0796 2088 Msfs - ok
20:32:21.0812 2088 MSIServer - ok
20:32:21.0875 2088 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:32:21.0875 2088 MSKSSRV - ok
20:32:21.0921 2088 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:32:21.0921 2088 MSPCLOCK - ok
20:32:21.0937 2088 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
20:32:21.0937 2088 MSPQM - ok
20:32:21.0968 2088 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:32:21.0984 2088 mssmbios - ok
20:32:22.0078 2088 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
20:32:22.0109 2088 Mup - ok
20:32:22.0234 2088 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
20:32:22.0312 2088 NDIS - ok
20:32:22.0343 2088 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:32:22.0343 2088 NdisTapi - ok
20:32:22.0406 2088 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:32:22.0406 2088 Ndisuio - ok
20:32:22.0453 2088 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:32:22.0500 2088 NdisWan - ok
20:32:22.0546 2088 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
20:32:22.0578 2088 NDProxy - ok
20:32:22.0640 2088 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:32:22.0687 2088 NetBIOS - ok
20:32:22.0796 2088 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:32:22.0859 2088 NetBT - ok
20:32:22.0937 2088 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
20:32:22.0984 2088 NetDDE - ok
20:32:23.0000 2088 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
20:32:23.0000 2088 NetDDEdsdm - ok
20:32:23.0062 2088 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
20:32:23.0062 2088 Netlogon - ok
20:32:23.0171 2088 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll
20:32:23.0234 2088 Netman - ok
20:32:23.0468 2088 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:32:23.0546 2088 NetTcpPortSharing - ok
20:32:23.0593 2088 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:32:23.0609 2088 NIC1394 - ok
20:32:23.0812 2088 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS\System32\mswsock.dll
20:32:23.0890 2088 Nla - ok
20:32:23.0968 2088 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
20:32:23.0984 2088 Npfs - ok
20:32:24.0250 2088 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
20:32:24.0453 2088 Ntfs - ok
20:32:24.0468 2088 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
20:32:24.0468 2088 NtLmSsp - ok
20:32:24.0687 2088 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
20:32:24.0859 2088 NtmsSvc - ok
20:32:24.0906 2088 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:32:24.0906 2088 Null - ok
20:32:24.0937 2088 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:32:24.0953 2088 NwlnkFlt - ok
20:32:24.0984 2088 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:32:25.0000 2088 NwlnkFwd - ok
20:32:25.0328 2088 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:32:25.0515 2088 odserv - ok
20:32:25.0578 2088 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:32:25.0625 2088 ohci1394 - ok
20:32:25.0750 2088 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:32:25.0812 2088 ose - ok
20:32:25.0906 2088 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
20:32:25.0937 2088 Parport - ok
20:32:25.0984 2088 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
20:32:26.0000 2088 PartMgr - ok
20:32:26.0031 2088 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:32:26.0031 2088 ParVdm - ok
20:32:26.0078 2088 PcdrNdisuio (505cba425df3bb230f244e1c23221058) C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys
20:32:26.0078 2088 PcdrNdisuio - ok
20:32:26.0125 2088 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
20:32:26.0171 2088 PCI - ok
20:32:26.0187 2088 PCIDump - ok
20:32:26.0218 2088 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:32:26.0218 2088 PCIIde - ok
20:32:26.0281 2088 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:32:26.0328 2088 Pcmcia - ok
20:32:26.0343 2088 PDCOMP - ok
20:32:26.0359 2088 PDFRAME - ok
20:32:26.0375 2088 PDRELI - ok
20:32:26.0390 2088 PDRFRAME - ok
20:32:26.0406 2088 perc2 - ok
20:32:26.0421 2088 perc2hib - ok
20:32:26.0531 2088 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
20:32:26.0531 2088 PlugPlay - ok
20:32:26.0578 2088 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
20:32:26.0578 2088 PolicyAgent - ok
20:32:26.0625 2088 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:32:26.0703 2088 PptpMiniport - ok
20:32:26.0781 2088 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
20:32:26.0796 2088 Processor - ok
20:32:26.0812 2088 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
20:32:26.0812 2088 ProtectedStorage - ok
20:32:26.0875 2088 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
20:32:26.0890 2088 Ps2 - ok
20:32:26.0937 2088 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
20:32:26.0968 2088 PSched - ok
20:32:27.0015 2088 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:32:27.0015 2088 Ptilink - ok
20:32:27.0078 2088 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:32:27.0078 2088 PxHelp20 - ok
20:32:27.0093 2088 ql1080 - ok
20:32:27.0109 2088 Ql10wnt - ok
20:32:27.0125 2088 ql12160 - ok
20:32:27.0140 2088 ql1240 - ok
20:32:27.0156 2088 ql1280 - ok
20:32:27.0203 2088 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:32:27.0218 2088 RasAcd - ok
20:32:27.0296 2088 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
20:32:27.0328 2088 RasAuto - ok
20:32:27.0375 2088 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:32:27.0406 2088 Rasl2tp - ok
20:32:27.0500 2088 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
20:32:27.0562 2088 RasMan - ok
20:32:27.0609 2088 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:32:27.0640 2088 RasPppoe - ok
20:32:27.0703 2088 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:32:27.0718 2088 Raspti - ok
20:32:27.0843 2088 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:32:27.0906 2088 Rdbss - ok
20:32:27.0953 2088 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:32:27.0953 2088 RDPCDD - ok
20:32:28.0046 2088 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
20:32:28.0109 2088 RDPWD - ok
20:32:28.0187 2088 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
20:32:28.0265 2088 RDSessMgr - ok
20:32:28.0312 2088 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:32:28.0328 2088 redbook - ok
20:32:28.0390 2088 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
20:32:28.0421 2088 RemoteAccess - ok
20:32:28.0500 2088 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
20:32:28.0531 2088 RpcLocator - ok
20:32:28.0734 2088 RpcSs (5c83a4408604f737717ab96371201680) C:\WINDOWS\System32\rpcss.dll
20:32:28.0734 2088 RpcSs - ok
20:32:28.0828 2088 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:32:28.0890 2088 RSVP - ok
20:32:28.0968 2088 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:32:28.0984 2088 rtl8139 - ok
20:32:29.0062 2088 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
20:32:29.0062 2088 SamSs - ok
20:32:29.0156 2088 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
20:32:29.0187 2088 SCardSvr - ok
20:32:29.0296 2088 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
20:32:29.0375 2088 Schedule - ok
20:32:29.0421 2088 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:32:29.0437 2088 Secdrv - ok
20:32:29.0500 2088 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
20:32:29.0500 2088 seclogon - ok
20:32:29.0562 2088 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
20:32:29.0578 2088 SENS - ok
20:32:29.0625 2088 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:32:29.0640 2088 Serenum - ok
20:32:29.0718 2088 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
20:32:29.0734 2088 Serial - ok
20:32:29.0859 2088 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:32:29.0859 2088 Sfloppy - ok
20:32:30.0015 2088 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
20:32:30.0140 2088 SharedAccess - ok
20:32:30.0218 2088 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
20:32:30.0218 2088 ShellHWDetection - ok
20:32:30.0250 2088 Simbad - ok
20:32:30.0390 2088 SiS315 (a644954c7114cf03d1e5c717e11f87a9) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
20:32:30.0484 2088 SiS315 - ok
20:32:30.0546 2088 SiSkp (f7376bbf4ee1fd62243021739d8f4931) C:\WINDOWS\system32\DRIVERS\srvkp.sys
20:32:30.0546 2088 SiSkp - ok
20:32:30.0625 2088 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys
20:32:30.0640 2088 SISNIC - ok
20:32:30.0671 2088 Sparrow - ok
20:32:30.0687 2088 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
20:32:30.0703 2088 splitter - ok
20:32:30.0765 2088 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
20:32:30.0796 2088 Spooler - ok
20:32:30.0875 2088 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
20:32:30.0937 2088 sr - ok
20:32:31.0031 2088 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
20:32:31.0093 2088 srservice - ok
20:32:31.0265 2088 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
20:32:31.0375 2088 Srv - ok
20:32:31.0453 2088 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
20:32:31.0484 2088 SSDPSRV - ok
20:32:31.0687 2088 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll
20:32:31.0843 2088 stisvc - ok
20:32:31.0906 2088 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:32:31.0906 2088 swenum - ok
20:32:31.0953 2088 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
20:32:31.0968 2088 swmidi - ok
20:32:32.0000 2088 SwPrv - ok
20:32:32.0015 2088 symc810 - ok
20:32:32.0031 2088 symc8xx - ok
20:32:32.0046 2088 sym_hi - ok
20:32:32.0062 2088 sym_u3 - ok
20:32:32.0140 2088 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
20:32:32.0156 2088 sysaudio - ok
20:32:32.0234 2088 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
20:32:32.0281 2088 SysmonLog - ok
20:32:32.0390 2088 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll
20:32:32.0484 2088 TapiSrv - ok
20:32:32.0671 2088 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:32:32.0843 2088 Tcpip - ok
20:32:32.0890 2088 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:32:32.0890 2088 TDPIPE - ok
20:32:32.0921 2088 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
20:32:32.0921 2088 TDTCP - ok
20:32:33.0000 2088 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:32:33.0015 2088 TermDD - ok
20:32:33.0203 2088 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
20:32:33.0296 2088 TermService - ok
20:32:33.0359 2088 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
20:32:33.0375 2088 Themes - ok
20:32:33.0390 2088 TosIde - ok
20:32:33.0453 2088 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
20:32:33.0500 2088 TrkWks - ok
20:32:33.0578 2088 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
20:32:33.0609 2088 Udfs - ok
20:32:33.0625 2088 ultra - ok
20:32:33.0687 2088 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
20:32:33.0703 2088 UMWdf - ok
20:32:33.0812 2088 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
20:32:33.0906 2088 Update - ok
20:32:34.0046 2088 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
20:32:34.0125 2088 upnphost - ok
20:32:34.0171 2088 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
20:32:34.0171 2088 UPS - ok
20:32:34.0250 2088 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:32:34.0281 2088 USBAAPL - ok
20:32:34.0343 2088 usbbus (af9388e736af0c325067f05edc350010) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
20:32:34.0343 2088 usbbus - ok
20:32:34.0406 2088 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:32:34.0421 2088 usbccgp - ok
20:32:34.0484 2088 UsbDiag (ae30ea96e60e823c7b525da356283ae8) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
20:32:34.0484 2088 UsbDiag - ok
20:32:34.0546 2088 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:32:34.0562 2088 usbehci - ok
20:32:34.0609 2088 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:32:34.0640 2088 usbhub - ok
20:32:34.0687 2088 USBModem (46ac66df3d6efe81f69bea823a53aab5) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
20:32:34.0703 2088 USBModem - ok
20:32:34.0734 2088 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:32:34.0750 2088 usbohci - ok
20:32:34.0796 2088 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:32:34.0812 2088 usbprint - ok
20:32:34.0843 2088 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:32:34.0859 2088 usbscan - ok
20:32:34.0906 2088 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:32:34.0921 2088 USBSTOR - ok
20:32:34.0968 2088 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:32:34.0984 2088 usbuhci - ok
20:32:35.0031 2088 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
20:32:35.0031 2088 VgaSave - ok
20:32:35.0078 2088 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:32:35.0093 2088 ViaIde - ok
20:32:35.0171 2088 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
20:32:35.0187 2088 VolSnap - ok
20:32:35.0343 2088 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
20:32:35.0453 2088 VSS - ok
20:32:35.0546 2088 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
20:32:35.0609 2088 W32Time - ok
20:32:35.0703 2088 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:32:35.0718 2088 Wanarp - ok
20:32:35.0734 2088 WDICA - ok
20:32:35.0812 2088 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
20:32:35.0843 2088 wdmaud - ok
20:32:35.0921 2088 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
20:32:35.0953 2088 WebClient - ok
20:32:36.0125 2088 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:32:36.0187 2088 winmgmt - ok
20:32:36.0281 2088 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
20:32:36.0296 2088 WmdmPmSN - ok
20:32:36.0390 2088 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:32:36.0437 2088 WmiApSrv - ok
20:32:36.0500 2088 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
20:32:36.0500 2088 WpdUsb - ok
20:32:37.0109 2088 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:32:37.0500 2088 WPFFontCache_v0400 - ok
20:32:37.0546 2088 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:32:37.0546 2088 WS2IFSL - ok
20:32:37.0609 2088 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
20:32:37.0656 2088 wscsvc - ok
20:32:37.0718 2088 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
20:32:37.0718 2088 wuauserv - ok
20:32:37.0921 2088 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
20:32:38.0046 2088 WZCSVC - ok
20:32:38.0125 2088 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
20:32:38.0203 2088 xmlprov - ok
20:32:38.0250 2088 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
20:32:38.0312 2088 \Device\Harddisk0\DR0 - ok
20:32:38.0312 2088 Boot (0x1200) (6ab06532e65c169c548b5e71763bdc8e) \Device\Harddisk0\DR0\Partition0
20:32:38.0328 2088 \Device\Harddisk0\DR0\Partition0 - ok
20:32:38.0328 2088 Boot (0x1200) (5ddd3d814e769b49225d61f95766fbb4) \Device\Harddisk0\DR0\Partition1
20:32:38.0343 2088 \Device\Harddisk0\DR0\Partition1 - ok
20:32:38.0343 2088 ============================================================
20:32:38.0343 2088 Scan finished
20:32:38.0343 2088 ============================================================
20:32:38.0375 3960 Detected object count: 0
20:32:38.0375 3960 Actual detected object count: 0
20:33:41.0812 0220 Deinitialize success

Back to top

#9 gringo_pr

Bleepin Gringo

Malware Response Team
120,511 posts

Gender:Male
Location:Puerto rico

Posted 16 June 2012 - 11:14 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Back to top

#10 Jason L.

New Member

Members
12 posts

Posted 18 June 2012 - 02:35 PM

Is it alright if I do it in safe mode again?

Back to top

#11 gringo_pr

Bleepin Gringo

Malware Response Team
120,511 posts

Gender:Male
Location:Puerto rico

Posted 18 June 2012 - 08:47 PM

yes that is fine

gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Back to top

#12 Jason L.

New Member

Members
12 posts

Posted 18 June 2012 - 09:44 PM

ComboFix 12-06-15.06 - Compaq_Owner 06/18/2012 19:17:15.2.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.236 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner.LEI\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner.LEI\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\intelppm.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-02 16:43 . 2012-06-17 01:19 -------- d-----w- c:\documents and settings\Administrator
2012-05-31 22:59 . 2012-05-31 22:59 -------- d-----w- c:\documents and settings\Compaq_Owner.LEI\Application Data\AVG2012
2012-05-31 22:56 . 2012-05-31 22:56 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-05-31 22:40 . 2012-06-16 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-05-29 00:12 . 2012-05-29 00:27 -------- d-----w- c:\documents and settings\Compaq_Owner.LEI\Local Settings\Application Data\CheatEngine_Forum_-_Krypt
2012-05-29 00:08 . 2012-05-29 00:08 -------- d-----w- c:\windows\system32\XPSViewer
2012-05-29 00:08 . 2012-05-29 00:08 -------- d-----w- c:\program files\Reference Assemblies
2012-05-29 00:07 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-05-29 00:06 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-05-29 00:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-05-29 00:06 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-05-29 00:06 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-05-29 00:06 . 2012-05-29 00:07 -------- d-----w- C:\2452eb4f43d2ea482e0b0c0d54
2012-05-29 00:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-05-29 00:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-05-29 00:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-05-29 00:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-05-29 00:03 . 2012-05-29 00:03 -------- d-----w- c:\program files\MSXML 6.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 05:40 . 2012-04-19 05:40 53248 ----a-r- c:\documents and settings\Compaq_Owner.LEI\Application Data\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-10 180269]
"SiSPower"="SiSPower.dll" [2005-01-04 49152]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=c:\windows\pss\SpySubtract.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-07 01:07 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-12-12 00:31 722256 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-21 04:45 136176 ----atw- c:\documents and settings\Compaq_Owner.LEI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 08:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-26 05:34 245760 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 09:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 21:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715746155-2014057635-2032352796-1009Core.job
- c:\documents and settings\Compaq_Owner.LEI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-21 04:45]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2715746155-2014057635-2032352796-1009UA.job
- c:\documents and settings\Compaq_Owner.LEI\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-21 04:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-18 19:32
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1976)
c:\windows\system32\ieframe.dll
.
Completion time: 2012-06-18 19:38:27
ComboFix-quarantined-files.txt 2012-06-19 02:38
ComboFix2.txt 2012-06-17 01:29
.
Pre-Run: 108,750,454,784 bytes free
Post-Run: 108,872,863,744 bytes free
.
- - End Of File - - 45CA5BEF270C1D7AE3D79B0F9EA9ED65

Back to top

#13 gringo_pr

Bleepin Gringo

Malware Response Team
120,511 posts

Gender:Male
Location:Puerto rico

Posted 18 June 2012 - 10:14 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
please copy and past the following into the box

C:\Qoobox\Add-Remove Programs.txt

click ok

copy and paste the report into this topic for me to review

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Back to top

#14 Jason L.

New Member

Members
12 posts

Posted 18 June 2012 - 10:17 PM

Here you go:

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Agere Systems PCI Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATT-RC Self Support Tool
Bonjour
Canon MP Navigator EX 2.1
Canon MX330 series MP Drivers
Canon MX330 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Compaq Connections
Compaq Organize
D-Link Toolbar
Easy Internet Sign-up
Google Chrome
Help and Support Additions
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
HP Boot Optimizer
HP Help and Support 4.0
HpSdpAppCoreApp
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Java Auto Updater
Java™ 6 Update 29
KBD
LG Verizon United Drivers
LS_HSI
Malwarebytes' Anti-Malware version 1.51.2.1300
MapleStory
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
MSXML 6.0 Parser (KB933579)
Nexon Game Manager
PC-Doctor for Windows
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Remove Adobe Photoshop Album 2.0 Starter Edition installer
Remove WeatherBug installer
SiS VGA Utilities
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
VoiceOver Kit
WebFldrs XP
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
WinRAR 4.01 (32-bit)

Back to top

#15 gringo_pr

Bleepin Gringo

Malware Response Team
120,511 posts

Gender:Male
Location:Puerto rico

Posted 18 June 2012 - 10:42 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

J2SE Runtime Environment 5.0
Java™ 6 Update 29
Remove WeatherBug installer
[/list]

Please download and install Revo Uninstaller Free
Double click Revo Uninstaller to run it.
From the list of programs double click on The Program to remove
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.

.

Install Java:

Please go here to install Java

click on the Free Java Download Button
click on Agree and start Free download
click on Run
click on run again
click on install
when install is complete click on close

Clean Out Temp Files

This small application you may want to keep and use once a week to keep the computer clean.

Download CCleaner from here http://www.ccleaner.com/
Run the installer to install the application.
When it gives you the option to install Yahoo toolbar uncheck the box next to it.
Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
Click Run Cleaner.
Close CCleaner.

: Malwarebytes' Anti-Malware :

I would like you to rerun MBAM
Double-click mbam icon
go to the update tab at the top
click on check for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

Go Here to download HijackThis Installer
Save HijackThis Installer to your desktop.
Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed it will launch Hijackthis.
Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

In your next post I need the following

Log From MBAM
report from Hijackthis
let me know of any problems you may have had
How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.