infected with IRP hook rootkit and trojan

AVG scans show and IRP Rootkit error that is embedded somewhere. Also some trojans that I can't heal or delete because they are also embedded somewhere. I don't know where. How do I get rid of these infections? I have run both Malware and AVG several times. It shows it but I can't get rid of it.

I have since uninstalled Malware and rerun AVG, but it still shows these problems.

What do I do?

dds - notepad file:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Steve at 14:25:30 on 2012-08-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.57 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steve\Local Settings\Temporary Internet Files\Content.IE5\G298E1ZP\Defogger[1].exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171003678421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{6900A1A2-6410-47FC-9071-D67FEE0AE7FA} : DhcpNameServer = 10.0.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: PRISMAPI.DLL - PRISMAPI.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2007-3-26 61526]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-4 250056]
S3 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\drivers\sct_skmscan.sys [2012-8-6 33568]
.
=============== Created Last 30 ================
.
2012-08-07 00:59:47 33568 ----a-w- c:\windows\system32\drivers\sct_skmscan.sys
2012-08-07 00:57:28 -------- d-----w- c:\documents and settings\all users\application data\Sophos
.
==================== Find3M ====================
.
2012-08-04 01:16:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-04 01:16:39 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD400BB-00JHC0 rev.05.01C05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81D734B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x81d7a93c]; MOV EAX, [0x81d7aab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8228BAB8]
3 CLASSPNP[0xF8576FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005f[0x82355F18]
5 ACPI[0xF84ED620] -> nt!IofCallDriver[0x804E37D5] -> [0x8238E940]
\Driver\atapi[0x81C23D58] -> IRP_MJ_CREATE -> 0x81D734B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x81D732E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 14:28:24.65 ===============

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

I have run the Security Check and here are the results. I just turned off the firewall because i thought I was supposed to for some reason. Should I turn it back on?


Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````

Combofix log:

ComboFix 12-08-10.02 - Steve 08/12/2012 20:23:28.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.170 [GMT -5:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\program files\Drop Down Deals
c:\program files\Drop Down Deals\YontooIEClient.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\SET12A.tmp
c:\windows\system32\SET12E.tmp
c:\windows\system32\SET136.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-10 02:39 . 2012-08-10 02:41 -------- d-----w- c:\windows\2C7D909F99544F67AC816F6D9D054A08.TMP
2012-08-10 01:58 . 2012-08-10 01:58 -------- d-----w- c:\program files\Enigma Software Group
2012-08-10 01:57 . 2012-08-10 01:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-07 00:59 . 2011-03-09 21:15 33568 ----a-w- c:\windows\system32\drivers\sct_skmscan.sys
2012-08-07 00:57 . 2012-08-07 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2012-08-02 16:02 . 2012-08-02 16:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-07-31 09:31 . 2012-07-31 09:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-07-31 07:15 . 2012-07-31 07:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 01:16 . 2012-06-04 17:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-04 01:16 . 2011-09-23 05:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 19:25 . 2012-04-20 01:09 17320 ----a-w- c:\windows\system32\roboot.exe
2012-06-13 13:19 . 2004-08-04 04:17 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 05:56 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 05:56 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2007-06-25 05:59 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2007-06-25 05:59 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2007-02-09 03:37 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2007-02-09 03:37 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2007-02-09 03:37 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2007-06-25 05:59 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2007-02-09 03:37 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2007-02-09 03:37 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2005-05-26 10:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2004-08-04 05:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2007-06-25 05:59 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2007-02-09 03:37 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2007-02-09 03:37 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2007-06-25 11:05 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2007-02-10 00:59 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2005-05-26 10:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 05:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 05:56 916992 ----a-w- c:\windows\system32\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 757760]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-08-03 4493312]
"nwiz"="nwiz.exe" [2004-08-03 917504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2007-3-26 921704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 01:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 5:12 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 2:19 PM 301248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [3/26/2007 9:24 PM 61526]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/4/2012 12:15 PM 250056]
S3 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\drivers\sct_skmscan.sys [8/6/2012 7:59 PM 33568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 01:17]
.
2012-08-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
HKCU-Run-SystweakASP - c:\program files\RegClean Pro\SystweakASP.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-12 20:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD400BB-00JHC0 rev.05.01C05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x81CEC2E2
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\WININET.dll
c:\windows\system32\PRISMAPI.DLL
.
- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\WININET.dll
.
Completion time: 2012-08-12 20:54:39
ComboFix-quarantined-files.txt 2012-08-13 01:54
.
Pre-Run: 24,007,213,056 bytes free
Post-Run: 25,320,353,792 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4053E64CB1A804A110E5B90C290AB7D3



Did not have any problems running Combofix, though it took quite a while to run.

The computer seems to be working better, though I haven't opened any other applications or gone to any websites besides this one.

Do I enable AVG and turn on the firewall now?

Greetings

you can turn them on when you are not running scans




I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
• it will ask to download extra definitions - ALLOW IT
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

19:46:27.0296 2724 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:46:27.0796 2724 ============================================================
19:46:27.0796 2724 Current date / time: 2012/08/13 19:46:27.0796
19:46:27.0796 2724 SystemInfo:
19:46:27.0796 2724
19:46:27.0796 2724 OS Version: 5.1.2600 ServicePack: 3.0
19:46:27.0796 2724 Product type: Workstation
19:46:27.0796 2724 ComputerName: STEVEXP
19:46:27.0796 2724 UserName: Steve
19:46:27.0796 2724 Windows directory: C:\WINDOWS
19:46:27.0796 2724 System windows directory: C:\WINDOWS
19:46:27.0796 2724 Processor architecture: Intel x86
19:46:27.0796 2724 Number of processors: 1
19:46:27.0796 2724 Page size: 0x1000
19:46:27.0796 2724 Boot type: Normal boot
19:46:27.0796 2724 ============================================================
19:46:30.0765 2724 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
19:46:30.0781 2724 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
19:46:30.0812 2724 ============================================================
19:46:30.0812 2724 \Device\Harddisk0\DR0:
19:46:30.0812 2724 MBR partitions:
19:46:30.0812 2724 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
19:46:30.0812 2724 \Device\Harddisk1\DR1:
19:46:30.0812 2724 MBR partitions:
19:46:30.0812 2724 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
19:46:30.0812 2724 ============================================================
19:46:30.0812 2724 C: <-> \Device\Harddisk0\DR0\Partition0
19:46:30.0906 2724 E: <-> \Device\Harddisk1\DR1\Partition0
19:46:30.0906 2724 ============================================================
19:46:30.0906 2724 Initialize success
19:46:30.0906 2724 ============================================================
19:46:43.0015 2392 ============================================================
19:46:43.0015 2392 Scan started
19:46:43.0015 2392 Mode: Manual;
19:46:43.0015 2392 ============================================================
19:46:43.0265 2392 Abiosdsk - ok
19:46:43.0281 2392 abp480n5 - ok
19:46:43.0343 2392 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
19:46:43.0343 2392 ac97intc - ok
19:46:43.0390 2392 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:46:43.0406 2392 ACPI - ok
19:46:43.0453 2392 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:46:43.0453 2392 ACPIEC - ok
19:46:43.0562 2392 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:46:43.0578 2392 AdobeFlashPlayerUpdateSvc - ok
19:46:43.0593 2392 adpu160m - ok
19:46:43.0656 2392 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
19:46:43.0656 2392 aeaudio - ok
19:46:43.0703 2392 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:46:43.0718 2392 aec - ok
19:46:43.0781 2392 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
19:46:43.0781 2392 AegisP - ok
19:46:43.0843 2392 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:46:43.0843 2392 AFD - ok
19:46:43.0890 2392 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:46:43.0890 2392 agp440 - ok
19:46:43.0906 2392 Aha154x - ok
19:46:43.0921 2392 aic78u2 - ok
19:46:43.0937 2392 aic78xx - ok
19:46:43.0984 2392 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:46:43.0984 2392 Alerter - ok
19:46:44.0031 2392 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:46:44.0031 2392 ALG - ok
19:46:44.0046 2392 AliIde - ok
19:46:44.0062 2392 amsint - ok
19:46:44.0093 2392 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:46:44.0109 2392 AppMgmt - ok
19:46:44.0125 2392 asc - ok
19:46:44.0140 2392 asc3350p - ok
19:46:44.0156 2392 asc3550 - ok
19:46:44.0203 2392 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:46:44.0203 2392 AsyncMac - ok
19:46:44.0234 2392 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:46:44.0234 2392 atapi - ok
19:46:44.0250 2392 Atdisk - ok
19:46:44.0296 2392 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:46:44.0296 2392 Atmarpc - ok
19:46:44.0343 2392 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:46:44.0343 2392 AudioSrv - ok
19:46:44.0390 2392 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:46:44.0390 2392 audstub - ok
19:46:44.0796 2392 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
19:46:45.0031 2392 AVGIDSAgent - ok
19:46:45.0156 2392 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
19:46:45.0171 2392 AVGIDSDriver - ok
19:46:45.0203 2392 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
19:46:45.0203 2392 AVGIDSFilter - ok
19:46:45.0250 2392 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
19:46:45.0250 2392 AVGIDSHX - ok
19:46:45.0312 2392 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
19:46:45.0312 2392 AVGIDSShim - ok
19:46:45.0375 2392 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:46:45.0375 2392 Avgldx86 - ok
19:46:45.0406 2392 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:46:45.0406 2392 Avgmfx86 - ok
19:46:45.0453 2392 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:46:45.0453 2392 Avgrkx86 - ok
19:46:45.0500 2392 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:46:45.0500 2392 Avgtdix - ok
19:46:45.0640 2392 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
19:46:45.0656 2392 avgwd - ok
19:46:45.0718 2392 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:46:45.0718 2392 Beep - ok
19:46:45.0796 2392 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:46:45.0828 2392 BITS - ok
19:46:45.0875 2392 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:46:45.0890 2392 Browser - ok
19:46:46.0046 2392 catchme - ok
19:46:46.0093 2392 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:46:46.0125 2392 cbidf2k - ok
19:46:46.0140 2392 cd20xrnt - ok
19:46:46.0171 2392 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:46:46.0171 2392 Cdaudio - ok
19:46:46.0218 2392 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:46:46.0218 2392 Cdfs - ok
19:46:46.0281 2392 Cdr4_xp (b9cff0a9ed63e9bd4931847284a33401) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
19:46:46.0281 2392 Cdr4_xp - ok
19:46:46.0296 2392 Cdralw2k (bf09211c3fb1b6c93ecb58973f84ee23) C:\WINDOWS\system32\drivers\Cdralw2k.sys
19:46:46.0296 2392 Cdralw2k - ok
19:46:46.0328 2392 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:46:46.0328 2392 Cdrom - ok
19:46:46.0390 2392 cdudf_xp (a19f8c660426e02aa99af1ed3d0dcb1c) C:\WINDOWS\system32\drivers\cdudf_xp.sys
19:46:46.0406 2392 cdudf_xp - ok
19:46:46.0421 2392 Changer - ok
19:46:46.0468 2392 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:46:46.0468 2392 CiSvc - ok
19:46:46.0515 2392 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:46:46.0515 2392 ClipSrv - ok
19:46:46.0531 2392 CmdIde - ok
19:46:46.0546 2392 COMSysApp - ok
19:46:46.0578 2392 Cpqarray - ok
19:46:46.0625 2392 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:46:46.0625 2392 CryptSvc - ok
19:46:46.0640 2392 dac2w2k - ok
19:46:46.0656 2392 dac960nt - ok
19:46:46.0718 2392 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:46:46.0750 2392 DcomLaunch - ok
19:46:46.0812 2392 DELL_A02 (8a87352d9fb9597511c34d0c8c0e7223) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
19:46:46.0859 2392 DELL_A02 - ok
19:46:46.0906 2392 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:46:46.0953 2392 Dhcp - ok
19:46:47.0000 2392 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:46:47.0015 2392 Disk - ok
19:46:47.0031 2392 dmadmin - ok
19:46:47.0093 2392 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:46:47.0125 2392 dmboot - ok
19:46:47.0171 2392 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:46:47.0171 2392 dmio - ok
19:46:47.0203 2392 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:46:47.0218 2392 dmload - ok
19:46:47.0250 2392 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:46:47.0250 2392 dmserver - ok
19:46:47.0312 2392 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:46:47.0328 2392 DMusic - ok
19:46:47.0390 2392 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
19:46:47.0390 2392 Dnscache - ok
19:46:47.0421 2392 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:46:47.0437 2392 Dot3svc - ok
19:46:47.0453 2392 dpti2o - ok
19:46:47.0500 2392 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:46:47.0500 2392 drmkaud - ok
19:46:47.0546 2392 dvd_2K (943873bf94e372b78ab0b0631069ac2b) C:\WINDOWS\system32\drivers\dvd_2K.sys
19:46:47.0546 2392 dvd_2K - ok
19:46:47.0593 2392 E100B (e278a4d94c5cb5f51a73785936cd7642) C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:46:47.0609 2392 E100B - ok
19:46:47.0640 2392 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:46:47.0640 2392 EapHost - ok
19:46:47.0671 2392 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:46:47.0671 2392 ERSvc - ok
19:46:47.0734 2392 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:46:47.0750 2392 Eventlog - ok
19:46:47.0828 2392 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:46:47.0828 2392 EventSystem - ok
19:46:47.0890 2392 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:46:47.0906 2392 Fastfat - ok
19:46:47.0953 2392 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:46:47.0968 2392 FastUserSwitchingCompatibility - ok
19:46:48.0000 2392 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:46:48.0000 2392 Fdc - ok
19:46:48.0015 2392 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:46:48.0015 2392 Fips - ok
19:46:48.0078 2392 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:46:48.0078 2392 Flpydisk - ok
19:46:48.0140 2392 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:46:48.0156 2392 FltMgr - ok
19:46:48.0203 2392 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:46:48.0203 2392 Fs_Rec - ok
19:46:48.0250 2392 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:46:48.0265 2392 Ftdisk - ok
19:46:48.0328 2392 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:46:48.0328 2392 Gpc - ok
19:46:48.0421 2392 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:46:48.0437 2392 helpsvc - ok
19:46:48.0437 2392 HidServ - ok
19:46:48.0468 2392 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:46:48.0468 2392 hidusb - ok
19:46:48.0515 2392 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:46:48.0515 2392 hkmsvc - ok
19:46:48.0531 2392 hpn - ok
19:46:48.0687 2392 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
19:46:48.0703 2392 hpqcxs08 - ok
19:46:48.0750 2392 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
19:46:48.0750 2392 hpqddsvc - ok
19:46:48.0796 2392 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:46:48.0812 2392 HPZid412 - ok
19:46:48.0843 2392 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:46:48.0843 2392 HPZipr12 - ok
19:46:48.0875 2392 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:46:48.0875 2392 HPZius12 - ok
19:46:48.0937 2392 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:46:48.0953 2392 HTTP - ok
19:46:49.0015 2392 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:46:49.0015 2392 HTTPFilter - ok
19:46:49.0031 2392 i2omgmt - ok
19:46:49.0046 2392 i2omp - ok
19:46:49.0093 2392 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:46:49.0093 2392 i8042prt - ok
19:46:49.0140 2392 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:46:49.0156 2392 Imapi - ok
19:46:49.0203 2392 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:46:49.0218 2392 ImapiService - ok
19:46:49.0234 2392 ini910u - ok
19:46:49.0281 2392 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:46:49.0281 2392 IntelIde - ok
19:46:49.0296 2392 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:46:49.0312 2392 intelppm - ok
19:46:49.0343 2392 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:46:49.0343 2392 Ip6Fw - ok
19:46:49.0375 2392 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:46:49.0375 2392 IpFilterDriver - ok
19:46:49.0406 2392 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:46:49.0406 2392 IpInIp - ok
19:46:49.0453 2392 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:46:49.0468 2392 IpNat - ok
19:46:49.0468 2392 iPod Service - ok
19:46:49.0578 2392 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:46:49.0578 2392 IPSec - ok
19:46:49.0625 2392 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:46:49.0625 2392 IRENUM - ok
19:46:49.0656 2392 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:46:49.0656 2392 isapnp - ok
19:46:49.0781 2392 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
19:46:49.0796 2392 JavaQuickStarterService - ok
19:46:49.0828 2392 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:46:49.0828 2392 Kbdclass - ok
19:46:49.0875 2392 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:46:49.0921 2392 kmixer - ok
19:46:49.0984 2392 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:46:50.0000 2392 KSecDD - ok
19:46:50.0062 2392 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:46:50.0078 2392 lanmanserver - ok
19:46:50.0125 2392 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:46:50.0140 2392 lanmanworkstation - ok
19:46:50.0156 2392 lbrtfdc - ok
19:46:50.0218 2392 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:46:50.0218 2392 LmHosts - ok
19:46:50.0296 2392 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:46:50.0328 2392 MDM - ok
19:46:50.0375 2392 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:46:50.0375 2392 Messenger - ok
19:46:50.0421 2392 mmc_2K (18032034b88c7f9e9068df91ab3ae968) C:\WINDOWS\system32\drivers\mmc_2K.sys
19:46:50.0421 2392 mmc_2K - ok
19:46:50.0468 2392 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:46:50.0468 2392 mnmdd - ok
19:46:50.0500 2392 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:46:50.0500 2392 mnmsrvc - ok
19:46:50.0546 2392 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:46:50.0546 2392 Modem - ok
19:46:50.0609 2392 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:46:50.0609 2392 MODEMCSA - ok
19:46:50.0625 2392 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:46:50.0625 2392 Mouclass - ok
19:46:50.0671 2392 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:46:50.0671 2392 mouhid - ok
19:46:50.0703 2392 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:46:50.0703 2392 MountMgr - ok
19:46:50.0718 2392 mraid35x - ok
19:46:50.0765 2392 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:46:50.0781 2392 MRxDAV - ok
19:46:50.0859 2392 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:46:50.0875 2392 MRxSmb - ok
19:46:50.0921 2392 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:46:50.0921 2392 MSDTC - ok
19:46:50.0968 2392 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:46:50.0968 2392 Msfs - ok
19:46:50.0984 2392 MSIServer - ok
19:46:51.0015 2392 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:46:51.0015 2392 MSKSSRV - ok
19:46:51.0062 2392 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:46:51.0062 2392 MSPCLOCK - ok
19:46:51.0093 2392 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:46:51.0093 2392 MSPQM - ok
19:46:51.0140 2392 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:46:51.0140 2392 mssmbios - ok
19:46:51.0171 2392 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:46:51.0187 2392 Mup - ok
19:46:51.0234 2392 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:46:51.0250 2392 napagent - ok
19:46:51.0281 2392 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:46:51.0296 2392 NDIS - ok
19:46:51.0359 2392 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:46:51.0359 2392 NdisTapi - ok
19:46:51.0406 2392 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:46:51.0406 2392 Ndisuio - ok
19:46:51.0437 2392 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:46:51.0437 2392 NdisWan - ok
19:46:51.0484 2392 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:46:51.0484 2392 NDProxy - ok
19:46:51.0546 2392 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
19:46:51.0546 2392 Net Driver HPZ12 - ok
19:46:51.0609 2392 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:46:51.0609 2392 NetBIOS - ok
19:46:51.0640 2392 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:46:51.0656 2392 NetBT - ok
19:46:51.0703 2392 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:46:51.0703 2392 NetDDE - ok
19:46:51.0718 2392 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:46:51.0734 2392 NetDDEdsdm - ok
19:46:51.0765 2392 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:46:51.0765 2392 Netlogon - ok
19:46:51.0828 2392 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:46:51.0843 2392 Netman - ok
19:46:51.0906 2392 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:46:51.0921 2392 Nla - ok
19:46:51.0968 2392 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:46:51.0968 2392 Npfs - ok
19:46:52.0015 2392 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:46:52.0062 2392 Ntfs - ok
19:46:52.0078 2392 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:46:52.0093 2392 NtLmSsp - ok
19:46:52.0156 2392 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:46:52.0171 2392 NtmsSvc - ok
19:46:52.0218 2392 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:46:52.0218 2392 Null - ok
19:46:52.0421 2392 nv (933a02052aed2da698811a14b7848faf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:46:52.0515 2392 nv - ok
19:46:52.0656 2392 NVSvc (87445455aef55e3ed41d25a803c545fe) C:\WINDOWS\system32\nvsvc32.exe
19:46:52.0671 2392 NVSvc - ok
19:46:52.0734 2392 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:46:52.0734 2392 NwlnkFlt - ok
19:46:52.0765 2392 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:46:52.0765 2392 NwlnkFwd - ok
19:46:52.0828 2392 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:46:52.0843 2392 ose - ok
19:46:52.0906 2392 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:46:52.0906 2392 Parport - ok
19:46:52.0921 2392 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:46:52.0937 2392 PartMgr - ok
19:46:52.0984 2392 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:46:52.0984 2392 ParVdm - ok
19:46:53.0000 2392 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:46:53.0000 2392 PCI - ok
19:46:53.0031 2392 PCIDump - ok
19:46:53.0046 2392 PCIIde - ok
19:46:53.0093 2392 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:46:53.0093 2392 Pcmcia - ok
19:46:53.0125 2392 PDCOMP - ok
19:46:53.0140 2392 PDFRAME - ok
19:46:53.0156 2392 PDRELI - ok
19:46:53.0171 2392 PDRFRAME - ok
19:46:53.0187 2392 perc2 - ok
19:46:53.0203 2392 perc2hib - ok
19:46:53.0281 2392 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:46:53.0281 2392 PlugPlay - ok
19:46:53.0343 2392 pmem (fa292805788528c083f416e151b60ab6) C:\WINDOWS\system32\DRIVERS\pmemnt.sys
19:46:53.0343 2392 pmem - ok
19:46:53.0406 2392 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
19:46:53.0406 2392 Pml Driver HPZ12 - ok
19:46:53.0453 2392 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:46:53.0453 2392 PolicyAgent - ok
19:46:53.0515 2392 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:46:53.0515 2392 PptpMiniport - ok
19:46:53.0578 2392 PRISMSVC (544bae47298a4e68c93ed2686a66e0f3) C:\WINDOWS\system32\PRISMSVC.EXE
19:46:53.0640 2392 PRISMSVC - ok
19:46:53.0656 2392 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:46:53.0656 2392 ProtectedStorage - ok
19:46:53.0687 2392 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:46:53.0687 2392 PSched - ok
19:46:53.0718 2392 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:46:53.0718 2392 Ptilink - ok
19:46:53.0765 2392 pwd_2k (4f1948a73db89ee4b34feeedd6745ee1) C:\WINDOWS\system32\drivers\pwd_2k.sys
19:46:53.0781 2392 pwd_2k - ok
19:46:53.0796 2392 ql1080 - ok
19:46:53.0828 2392 Ql10wnt - ok
19:46:53.0843 2392 ql12160 - ok
19:46:53.0859 2392 ql1240 - ok
19:46:53.0875 2392 ql1280 - ok
19:46:53.0890 2392 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:46:53.0890 2392 RasAcd - ok
19:46:53.0953 2392 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:46:53.0953 2392 RasAuto - ok
19:46:54.0000 2392 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:46:54.0000 2392 Rasl2tp - ok
19:46:54.0062 2392 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:46:54.0078 2392 RasMan - ok
19:46:54.0140 2392 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:46:54.0140 2392 RasPppoe - ok
19:46:54.0156 2392 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:46:54.0171 2392 Raspti - ok
19:46:54.0203 2392 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:46:54.0218 2392 Rdbss - ok
19:46:54.0234 2392 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:46:54.0234 2392 RDPCDD - ok
19:46:54.0281 2392 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:46:54.0296 2392 rdpdr - ok
19:46:54.0375 2392 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
19:46:54.0375 2392 RDPWD - ok
19:46:54.0406 2392 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:46:54.0437 2392 RDSessMgr - ok
19:46:54.0468 2392 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:46:54.0468 2392 redbook - ok
19:46:54.0531 2392 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:46:54.0531 2392 RemoteAccess - ok
19:46:54.0578 2392 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
19:46:54.0578 2392 RemoteRegistry - ok
19:46:54.0625 2392 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:46:54.0625 2392 RpcLocator - ok
19:46:54.0703 2392 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
19:46:54.0703 2392 RpcSs - ok
19:46:54.0765 2392 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:46:54.0781 2392 RSVP - ok
19:46:54.0828 2392 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:46:54.0843 2392 SamSs - ok
19:46:54.0875 2392 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:46:54.0890 2392 SCardSvr - ok
19:46:54.0921 2392 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:46:54.0937 2392 Schedule - ok
19:46:55.0000 2392 SCT_SKMScan (59996f2abeb502da20f2b5e8caebc697) C:\WINDOWS\system32\drivers\sct_skmscan.sys
19:46:55.0000 2392 SCT_SKMScan - ok
19:46:55.0046 2392 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:46:55.0046 2392 Secdrv - ok
19:46:55.0093 2392 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:46:55.0109 2392 seclogon - ok
19:46:55.0140 2392 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:46:55.0140 2392 SENS - ok
19:46:55.0187 2392 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:46:55.0187 2392 serenum - ok
19:46:55.0250 2392 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:46:55.0250 2392 Serial - ok
19:46:55.0296 2392 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:46:55.0296 2392 Sfloppy - ok
19:46:55.0375 2392 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:46:55.0390 2392 SharedAccess - ok
19:46:55.0453 2392 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:46:55.0453 2392 ShellHWDetection - ok
19:46:55.0468 2392 Simbad - ok
19:46:55.0546 2392 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
19:46:55.0578 2392 smwdm - ok
19:46:55.0593 2392 Sparrow - ok
19:46:55.0656 2392 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:46:55.0656 2392 splitter - ok
19:46:55.0718 2392 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:46:55.0718 2392 Spooler - ok
19:46:55.0781 2392 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:46:55.0781 2392 sr - ok
19:46:55.0843 2392 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:46:55.0890 2392 srservice - ok
19:46:55.0953 2392 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:46:55.0984 2392 Srv - ok
19:46:56.0046 2392 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:46:56.0046 2392 SSDPSRV - ok
19:46:56.0125 2392 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:46:56.0156 2392 stisvc - ok
19:46:56.0203 2392 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:46:56.0203 2392 swenum - ok
19:46:56.0265 2392 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:46:56.0265 2392 swmidi - ok
19:46:56.0281 2392 SwPrv - ok
19:46:56.0312 2392 symc810 - ok
19:46:56.0328 2392 symc8xx - ok
19:46:56.0343 2392 sym_hi - ok
19:46:56.0359 2392 sym_u3 - ok
19:46:56.0421 2392 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:46:56.0421 2392 sysaudio - ok
19:46:56.0468 2392 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:46:56.0484 2392 SysmonLog - ok
19:46:56.0531 2392 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:46:56.0546 2392 TapiSrv - ok
19:46:56.0609 2392 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:46:56.0671 2392 Tcpip - ok
19:46:56.0718 2392 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:46:56.0718 2392 TDPIPE - ok
19:46:56.0750 2392 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:46:56.0750 2392 TDTCP - ok
19:46:56.0796 2392 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:46:56.0796 2392 TermDD - ok
19:46:56.0859 2392 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:46:56.0875 2392 TermService - ok
19:46:56.0921 2392 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:46:56.0921 2392 Themes - ok
19:46:56.0968 2392 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:46:56.0984 2392 TlntSvr - ok
19:46:57.0000 2392 TosIde - ok
19:46:57.0031 2392 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:46:57.0046 2392 TrkWks - ok
19:46:57.0125 2392 UdfReadr_xp (37148e648e0f3a6694040fd9f80941b7) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
19:46:57.0125 2392 UdfReadr_xp - ok
19:46:57.0187 2392 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:46:57.0187 2392 Udfs - ok
19:46:57.0203 2392 ultra - ok
19:46:57.0265 2392 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:46:57.0281 2392 Update - ok
19:46:57.0343 2392 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:46:57.0375 2392 upnphost - ok
19:46:57.0437 2392 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:46:57.0437 2392 UPS - ok
19:46:57.0484 2392 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:46:57.0484 2392 usbccgp - ok
19:46:57.0515 2392 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:46:57.0531 2392 usbhub - ok
19:46:57.0562 2392 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:46:57.0562 2392 usbprint - ok
19:46:57.0593 2392 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:46:57.0609 2392 usbscan - ok
19:46:57.0640 2392 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:46:57.0656 2392 USBSTOR - ok
19:46:57.0703 2392 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:46:57.0703 2392 usbuhci - ok
19:46:57.0796 2392 USR1806V (133514fb65565d90ce6a5c55061b037f) C:\WINDOWS\system32\DRIVERS\USR1806V.SYS
19:46:57.0828 2392 USR1806V - ok
19:46:57.0875 2392 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:46:57.0890 2392 VgaSave - ok
19:46:57.0906 2392 ViaIde - ok
19:46:57.0937 2392 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:46:57.0937 2392 VolSnap - ok
19:46:58.0000 2392 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:46:58.0015 2392 VSS - ok
19:46:58.0078 2392 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:46:58.0109 2392 W32Time - ok
19:46:58.0171 2392 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:46:58.0171 2392 Wanarp - ok
19:46:58.0187 2392 WDICA - ok
19:46:58.0250 2392 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:46:58.0250 2392 wdmaud - ok
19:46:58.0312 2392 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:46:58.0328 2392 WebClient - ok
19:46:58.0406 2392 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:46:58.0453 2392 winmgmt - ok
19:46:58.0515 2392 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:46:58.0515 2392 WmdmPmSN - ok
19:46:58.0593 2392 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:46:58.0609 2392 Wmi - ok
19:46:58.0671 2392 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:46:58.0687 2392 WmiApSrv - ok
19:46:58.0828 2392 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:46:58.0859 2392 WMPNetworkSvc - ok
19:46:58.0937 2392 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:46:58.0937 2392 WS2IFSL - ok
19:46:58.0984 2392 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
19:46:59.0000 2392 wscsvc - ok
19:46:59.0046 2392 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:46:59.0078 2392 wuauserv - ok
19:46:59.0125 2392 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:46:59.0125 2392 WudfPf - ok
19:46:59.0156 2392 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:46:59.0156 2392 WudfRd - ok
19:46:59.0187 2392 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:46:59.0203 2392 WudfSvc - ok
19:46:59.0281 2392 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:46:59.0312 2392 WZCSVC - ok
19:46:59.0359 2392 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:46:59.0375 2392 xmlprov - ok
19:46:59.0453 2392 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:46:59.0468 2392 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:46:59.0468 2392 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:46:59.0484 2392 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
19:47:04.0234 2392 \Device\Harddisk1\DR1 - ok
19:47:04.0250 2392 Boot (0x1200) (e1e9fb8cbffc150e7a6fbae0f23050be) \Device\Harddisk0\DR0\Partition0
19:47:04.0250 2392 \Device\Harddisk0\DR0\Partition0 - ok
19:47:04.0250 2392 Boot (0x1200) (b91c5eddb845289d7c2b1fee727182a7) \Device\Harddisk1\DR1\Partition0
19:47:04.0265 2392 \Device\Harddisk1\DR1\Partition0 - ok
19:47:04.0265 2392 ============================================================
19:47:04.0265 2392 Scan finished
19:47:04.0265 2392 ============================================================
19:47:04.0296 2976 Detected object count: 1
19:47:04.0296 2976 Actual detected object count: 1
19:47:24.0765 2976 \Device\Harddisk0\DR0\# - copied to quarantine
19:47:24.0765 2976 \Device\Harddisk0\DR0 - copied to quarantine
19:47:24.0828 2976 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:47:24.0843 2976 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:47:24.0859 2976 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:47:24.0875 2976 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:47:24.0875 2976 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:47:24.0890 2976 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:47:24.0890 2976 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:47:24.0937 2976 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:47:24.0937 2976 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:47:24.0937 2976 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:47:24.0968 2976 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:47:25.0000 2976 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:47:25.0031 2976 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:47:25.0031 2976 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:47:25.0046 2976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:47:25.0046 2976 \Device\Harddisk0\DR0 - ok
19:47:26.0640 2976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:47:33.0921 2528 Deinitialize success


This is the second log.
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-13 19:56:08
-----------------------------
19:56:08.921 OS Version: Windows 5.1.2600 Service Pack 3
19:56:08.921 Number of processors: 1 586 0x204
19:56:08.921 ComputerName: STEVEXP UserName: Steve
19:56:10.390 Initialize success
20:01:07.890 AVAST engine defs: 12081301
20:02:53.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:02:53.109 Disk 0 Vendor: WDC_WD400BB-00JHC0 05.01C05 Size: 38166MB BusType: 3
20:02:53.125 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
20:02:53.125 Disk 1 Vendor: WDC_WD800JB-00CRA1 17.07W17 Size: 76319MB BusType: 3
20:02:53.140 Disk 0 MBR read successfully
20:02:53.140 Disk 0 MBR scan
20:02:55.203 Disk 0 Windows XP default MBR code
20:02:55.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
20:02:57.171 Disk 0 scanning sectors +78140160
20:02:57.781 Disk 0 scanning C:\WINDOWS\system32\drivers
20:05:30.156 Service scanning
20:06:04.437 Modules scanning
20:06:54.296 Disk 0 trace - called modules:
20:06:54.796 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
20:06:54.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x823ceab8]
20:06:54.812 3 CLASSPNP.SYS[f8576fd7] -> nt!IofCallDriver -> \Device\00000061[0x82397f18]
20:06:54.812 5 ACPI.sys[f84ed620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x823e2d98]
20:06:58.140 AVAST engine scan C:\WINDOWS
20:07:08.250 AVAST engine scan C:\WINDOWS\system32
20:13:25.187 AVAST engine scan C:\WINDOWS\system32\drivers
20:13:53.718 AVAST engine scan C:\Documents and Settings\Steve
20:16:04.046 AVAST engine scan C:\Documents and Settings\All Users
20:17:51.109 Scan finished successfully
20:19:55.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steve\Desktop\MBR.dat"
20:19:55.515 The log file has been saved successfully to "C:\Documents and Settings\Steve\Desktop\aswMBR.txt"



How will I know if the problem is fixed? What else needs to be done. Thank you!

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
  
• report from Combofix
• let me know of any problems you may have had
• How is the computer doing now after running the script?

Gringo

Thanks again for your help.

Did you intend for the CFScript to be linked? I do not have it on the computer and can't find it on this website.

Please send me the link or let me know where to find it.

Thanks.

BTW, the computer is running much better.

Steveo

no it is not linked


you need to make by starting at "Open notepad"

ComboFix 12-08-16.01 - Steve 08/16/2012 18:43:22.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.275 [GMT -5:00]
Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Steve\Local Settings\Application Data\Vid-Saver
c:\documents and settings\Steve\Local Settings\Application Data\Vid-Saver\Chrome\Vid-Saver.crx
c:\program files\Vid-Saver
c:\program files\Vid-Saver\Uninstall.exe
c:\program files\Vid-Saver\Vid-Saver.exe
c:\program files\Vid-Saver\Vid-Saver.ico
c:\program files\Vid-Saver\Vid-Saver.ini
c:\program files\Vid-Saver\Vid-SaverGui.exe
c:\program files\Vid-Saver\Vid-SaverInstaller.log
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-14 00:47 . 2012-08-14 00:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-14 00:11 . 2012-08-14 00:11 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2012-08-10 02:39 . 2012-08-10 02:41 -------- d-----w- c:\windows\2C7D909F99544F67AC816F6D9D054A08.TMP
2012-08-10 01:58 . 2012-08-10 01:58 -------- d-----w- c:\program files\Enigma Software Group
2012-08-10 01:57 . 2012-08-10 01:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-07 00:59 . 2011-03-09 21:15 33568 ----a-w- c:\windows\system32\drivers\sct_skmscan.sys
2012-08-07 00:57 . 2012-08-07 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2012-08-02 16:02 . 2012-08-02 16:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-07-31 09:31 . 2012-07-31 09:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-07-31 07:15 . 2012-07-31 07:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 03:14 . 2012-06-04 17:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 03:14 . 2011-09-23 05:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 19:25 . 2012-04-20 01:09 17320 ----a-w- c:\windows\system32\roboot.exe
2012-07-06 13:58 . 2004-08-04 05:56 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2007-02-09 03:34 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 04:17 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2004-08-04 05:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-04 05:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 17:49 . 2004-08-04 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 12:05 . 2004-08-04 03:59 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 05:56 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 05:56 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2007-06-25 05:59 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2007-06-25 05:59 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2007-02-09 03:37 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2007-02-09 03:37 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2007-02-09 03:37 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2007-06-25 05:59 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2007-02-09 03:37 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2007-02-09 03:37 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2005-05-26 10:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2004-08-04 05:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2007-06-25 05:59 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2007-02-09 03:37 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2007-02-09 03:37 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2007-06-25 11:05 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2007-02-10 00:59 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2005-05-26 10:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 05:56 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-13_01.49.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-16 08:26 . 2012-08-16 08:26 16384 c:\windows\Temp\Perflib_Perfdata_758.dat
- 2004-08-04 05:56 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 67072 c:\windows\system32\mshtmled.dll
- 2006-10-17 19:33 . 2012-05-11 14:42 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-10-17 19:33 . 2012-07-02 17:49 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 05:56 . 2012-05-11 14:42 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 25600 c:\windows\system32\jsproxy.dll
+ 2009-07-08 18:23 . 2012-07-02 17:49 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-07-08 18:23 . 2012-05-11 14:42 12800 c:\windows\system32\dllcache\xpshims.dll
- 2004-08-04 05:56 . 2012-05-11 14:42 67072 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 67072 c:\windows\system32\dllcache\mshtmled.dll
- 2007-04-25 08:41 . 2012-05-11 14:42 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-04-25 08:41 . 2012-07-02 17:49 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-04 05:56 . 2012-05-11 14:42 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 05:56 . 2012-05-11 14:42 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2012-07-06 13:58 . 2012-07-06 13:58 78336 c:\windows\system32\dllcache\browser.dll
+ 2007-02-09 04:34 . 2012-08-16 08:06 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-02-09 04:34 . 2012-07-12 08:01 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-02-09 04:34 . 2012-07-12 08:01 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-02-09 04:34 . 2012-08-16 08:06 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-02-09 04:34 . 2012-08-16 08:06 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-02-09 04:34 . 2012-07-12 08:01 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-02-09 04:34 . 2012-07-12 08:01 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-02-09 04:34 . 2012-08-16 08:06 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-02-09 04:34 . 2012-07-12 08:01 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-02-09 04:34 . 2012-08-16 08:06 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-02-09 04:34 . 2012-07-12 08:01 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-02-09 04:34 . 2012-08-16 08:06 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2012-08-16 08:02 . 2012-05-11 14:42 12800 c:\windows\ie8updates\KB2722913-IE8\xpshims.dll
+ 2012-08-16 08:02 . 2012-05-11 14:42 67072 c:\windows\ie8updates\KB2722913-IE8\mshtmled.dll
+ 2012-08-16 08:02 . 2012-05-11 14:42 55296 c:\windows\ie8updates\KB2722913-IE8\msfeedsbs.dll
+ 2012-08-16 08:02 . 2012-05-11 14:42 43520 c:\windows\ie8updates\KB2722913-IE8\licmgr10.dll
+ 2012-08-16 08:02 . 2012-05-11 14:42 25600 c:\windows\ie8updates\KB2722913-IE8\jsproxy.dll
- 2007-02-09 04:34 . 2012-07-12 08:01 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-02-09 04:34 . 2012-08-16 08:06 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2004-08-04 05:56 . 2012-05-11 14:42 105984 c:\windows\system32\url.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 105984 c:\windows\system32\url.dll
- 2004-08-04 05:56 . 2012-05-11 14:42 206848 c:\windows\system32\occache.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 206848 c:\windows\system32\occache.dll
+ 2004-08-04 05:56 . 2012-07-06 13:58 337920 c:\windows\system32\netapi32.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 611840 c:\windows\system32\mstime.dll
- 2004-08-04 05:56 . 2012-05-11 14:42 611840 c:\windows\system32\mstime.dll
+ 2006-10-17 19:33 . 2012-07-02 17:49 629760 c:\windows\system32\msfeeds.dll
- 2006-10-17 19:33 . 2012-05-11 14:42 629760 c:\windows\system32\msfeeds.dll
+ 2012-08-15 03:14 . 2012-08-15 03:14 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-15 03:14 . 2012-08-15 03:14 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
- 2012-06-04 17:15 . 2012-08-04 01:17 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-06-04 17:15 . 2012-08-15 03:15 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2004-08-04 05:56 . 2012-05-14 09:22 345600 c:\windows\system32\localspl.dll
- 2004-08-04 05:56 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
- 2004-08-04 05:56 . 2012-05-11 14:42 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 05:56 . 2012-05-11 14:42 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 05:56 . 2012-07-02 12:05 174080 c:\windows\system32\ie4uinit.exe
- 2004-08-04 05:56 . 2012-05-11 11:38 174080 c:\windows\system32\ie4uinit.exe
+ 2007-02-08 21:13 . 2012-08-16 08:26 257456 c:\windows\system32\FNTCACHE.DAT
- 2007-02-08 21:13 . 2012-07-12 08:24 257456 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 05:56 . 2012-05-16 15:08 916992 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 916992 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 05:56 . 2012-05-11 14:42 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 105984 c:\windows\system32\dllcache\url.dll
+ 2011-08-09 17:32 . 2012-07-04 14:05 139784 c:\windows\system32\dllcache\rdpwd.sys
+ 2004-08-04 05:56 . 2012-07-02 17:49 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 05:56 . 2012-05-11 14:42 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-07-07 05:28 . 2012-07-06 13:58 337920 c:\windows\system32\dllcache\netapi32.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 611840 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 05:56 . 2012-05-11 14:42 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-04-25 08:41 . 2012-07-02 17:49 629760 c:\windows\system32\dllcache\msfeeds.dll
- 2007-04-25 08:41 . 2012-05-11 14:42 629760 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-05-07 15:32 . 2012-05-14 09:22 345600 c:\windows\system32\dllcache\localspl.dll
- 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
- 2012-06-13 05:51 . 2012-05-11 14:42 521728 c:\windows\system32\dllcache\jsdbgui.dll
+ 2012-06-13 05:51 . 2012-07-02 17:49 521728 c:\windows\system32\dllcache\jsdbgui.dll
+ 2009-07-08 18:22 . 2012-07-02 17:49 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-07-08 18:22 . 2012-05-11 14:42 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 184320 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 05:56 . 2012-05-11 14:42 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-11 04:20 . 2012-05-11 14:42 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-11 04:20 . 2012-07-02 17:49 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 05:56 . 2012-05-11 14:42 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 05:56 . 2012-07-02 12:05 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 05:56 . 2012-05-11 11:38 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-02-09 04:34 . 2012-07-12 08:01 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-02-09 04:34 . 2012-08-16 08:06 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-02-09 04:34 . 2012-07-12 08:01 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-02-09 04:34 . 2012-08-16 08:06 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-02-09 04:34 . 2012-08-16 08:06 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-02-09 04:34 . 2012-07-12 08:01 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-02-09 04:34 . 2012-08-16 08:06 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-02-09 04:34 . 2012-07-12 08:01 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-02-09 04:34 . 2012-07-12 08:01 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-02-09 04:34 . 2012-08-16 08:06 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-02-09 04:34 . 2012-07-12 08:01 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-02-09 04:34 . 2012-08-16 08:06 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2012-08-16 08:02 . 2012-05-16 15:08 916992 c:\windows\ie8updates\KB2722913-IE8\wininet.dll
+ 2012-08-16 08:02 . 2012-05-11 14:42 105984 c:\windows\ie8updates\KB2722913-IE8\url.dll
+ 2012-08-16 08:02 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2722913-IE8\spuninst\updspapi.dll
+ 2012-08-16 08:02 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2722913-IE8\spuninst\spuninst.exe
+ 2012-08-16 08:02 . 2012-05-11 14:42 206848 c:\windows\ie8updates\KB2722913-IE8\occache.dll
+ 2012-08-16 08:02 . 2012-05-11 14:42 611840 c:\windows\ie8updates\KB2722913-IE8\mstime.dll
+ 2012-08-16 08:02 . 2012-05-11 14:42 629760 c:\windows\ie8updates\KB2722913-IE8\msfeeds.dll
+ 2012-08-16 08:02 . 2012-05-11 14:42 521728 c:\windows\ie8updates\KB2722913-IE8\jsdbgui.dll
+ 2012-08-16 08:02 . 2012-05-11 14:42 247808 c:\windows\ie8updates\KB2722913-IE8\ieproxy.dll
+ 2012-08-16 08:02 . 2012-05-11 14:42 184320 c:\windows\ie8updates\KB2722913-IE8\iepeers.dll
+ 2012-08-16 08:02 . 2012-05-11 14:42 743424 c:\windows\ie8updates\KB2722913-IE8\iedvtool.dll
+ 2012-08-16 08:02 . 2012-05-11 14:42 387584 c:\windows\ie8updates\KB2722913-IE8\iedkcs32.dll
+ 2012-08-16 08:02 . 2012-05-11 11:38 174080 c:\windows\ie8updates\KB2722913-IE8\ie4uinit.exe
+ 2004-08-04 05:56 . 2012-07-02 17:49 1212416 c:\windows\system32\urlmon.dll
- 2004-08-04 05:56 . 2012-05-11 14:42 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 6008320 c:\windows\system32\mshtml.dll
+ 2006-10-17 18:57 . 2012-07-02 17:49 2000384 c:\windows\system32\iertutil.dll
- 2006-10-17 18:57 . 2012-05-11 14:42 2000384 c:\windows\system32\iertutil.dll
+ 2009-04-17 12:26 . 2012-07-03 13:40 1866112 c:\windows\system32\dllcache\win32k.sys
- 2009-04-17 12:26 . 2012-06-13 13:19 1866112 c:\windows\system32\dllcache\win32k.sys
- 2004-08-04 05:56 . 2012-05-11 14:42 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 05:56 . 2012-07-02 17:49 6008320 c:\windows\system32\dllcache\mshtml.dll
- 2007-04-25 08:41 . 2012-05-11 14:42 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2007-04-25 08:41 . 2012-07-02 17:49 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2012-07-17 15:11 . 2012-07-17 15:11 6145024 c:\windows\Installer\64f562a.msp
+ 2012-08-02 15:29 . 2012-08-02 15:29 5521920 c:\windows\Installer\64f5614.msp
+ 2012-08-16 08:02 . 2012-05-11 14:42 1212416 c:\windows\ie8updates\KB2722913-IE8\urlmon.dll
+ 2012-08-16 08:02 . 2012-05-11 14:42 6007808 c:\windows\ie8updates\KB2722913-IE8\mshtml.dll
+ 2012-08-16 08:02 . 2012-05-11 14:42 2000384 c:\windows\ie8updates\KB2722913-IE8\iertutil.dll
+ 2007-02-09 04:04 . 2012-08-16 08:06 59884088 c:\windows\system32\MRT.exe
+ 2006-10-17 19:33 . 2012-07-03 04:19 11111424 c:\windows\system32\ieframe.dll
- 2006-10-17 19:33 . 2012-05-12 01:12 11111424 c:\windows\system32\ieframe.dll
+ 2007-04-25 08:41 . 2012-07-03 04:19 11111424 c:\windows\system32\dllcache\ieframe.dll
- 2007-04-25 08:41 . 2012-05-12 01:12 11111424 c:\windows\system32\dllcache\ieframe.dll
+ 2012-07-17 15:17 . 2012-07-17 15:17 22363136 c:\windows\Installer\64f5640.msp
+ 2012-08-16 08:02 . 2012-05-12 01:12 11111424 c:\windows\ie8updates\KB2722913-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-01-13 757760]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-01-09 253952]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-08-03 4493312]
"nwiz"="nwiz.exe" [2004-08-03 917504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2007-3-26 921704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 01:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 5:12 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 2:19 PM 301248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [3/26/2007 9:24 PM 61526]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/4/2012 12:15 PM 250056]
S3 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\drivers\sct_skmscan.sys [8/6/2012 7:59 PM 33568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 03:15]
.
2012-08-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
TCP: DhcpNameServer = 10.0.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-16 18:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\PRISMAPI.DLL
.
Completion time: 2012-08-16 18:55:03
ComboFix-quarantined-files.txt 2012-08-16 23:55
ComboFix2.txt 2012-08-16 03:29
ComboFix3.txt 2012-08-13 01:54
.
Pre-Run: 25,381,191,680 bytes free
Post-Run: 25,361,014,784 bytes free
.
- - End Of File - - 51580CE682B52BC56DFA1FC43E9052CD


Greetings! Here is a copy of the scan from "combo". I think that the puter is running MUCH better than before! What else is needed??

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Adobe Reader 8.3.1
J2SE Runtime Environment 5.0 Update 11
Java™ 6 Update 2
Java™ 6 Update 31
Java™ SE Runtime Environment 6 Update 1
Yontoo 1.10.02
[/list]

• Please download and install Revo Uninstaller Free
• Double click Revo Uninstaller to run it.
• From the list of programs double click on The Program to remove
• When prompted if you want to uninstall click Yes.
• Be sure the Moderate option is selected then click Next.
• The program will run, If prompted again click Yes
• when the built-in uninstaller is finished click on Next.
• Once the program has searched for leftovers click Next.
• Check/tick the bolded items only on the list then click Delete
• when prompted click on Yes and then on next.
• put a check on any folders that are found and select delete
• when prompted select yes then on next
• Once done click Finish.

.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]
Install Java:

Please go here to install Java

• click on the Free Java Download Button
• click on Agree and start Free download
• click on Run
• click on run again
• click on install
• when install is complete click on close

Clean Out Temp Files

• This small application you may want to keep and use once a week to keep the computer clean.
  
  Download CCleaner from here http://www.ccleaner.com/
  
  
• Run the installer to install the application.
• When it gives you the option to install Yahoo toolbar uncheck the box next to it.
• Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
• Click Run Cleaner.
• Close CCleaner.

: Malwarebytes' Anti-Malware :

• Please download Malwarebytes' Anti-Malware to your desktop.
  
• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

• Go Here to download HijackThis Installer
• Save HijackThis Installer to your desktop.
• Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

• In your next post I need the following
  
  
• Log From MBAM
• report from Hijackthis
• let me know of any problems you may have had
• How is the computer doing now?

Gringo

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Steve :: STEVEXP [administrator]

8/17/2012 8:57:22 PM
mbam-log-2012-08-17 (20-57-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 180462
Time elapsed: 4 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:08:33 PM, on 8/17/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Steve\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171003678421
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE

--
End of file - 7134 bytes


No problems with downloading that I am aware of.
The computer seems to be running okay at this point, but have not done anything with it since following these instructions.

Now what?
Thanks a bunch for your help.

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

• Run HijackThis
• Click on the Scan button
• Put a check beside all of the items listed below (if present):
  
  
  • O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    
• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.
  
  NOTE**You can research each of those lines >here< and see if you want to keep them or not
  just copy the name between the brackets and paste into the search space
  O4 - HKLM\..\Run: [IntelliPoint]

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• click on the Run ESET Online Scanner button
• Tick the box next to YES, I accept the Terms of Use.
  
  • Click Start
• When asked, allow the add/on to be installed
  
  • Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings, ensure the options
  Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
• wait for the virus definitions to be downloaded
• Wait for the scan to finish

When the scan is complete

• If no threats were found
  
• put a checkmark in "Uninstall application on close"
• close program
• report to me that nothing was found

• If threats were found
  
• click on "list of threats found"
• click on "export to text file" and save it as ESET SCAN and save to the desktop
• Click on back
• put a checkmark in "Uninstall application on close"
• click on finish
• close program
• copy and paste the report here

Gringo

C:\Documents and Settings\Steve\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe Win32/OpenCandy application
C:\Documents and Settings\Steve\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application
C:\Qoobox\Quarantine\C\Program Files\Drop Down Deals\YontooIEClient.dll.vir a variant of Win32/Adware.Yontoo.A application
C:\System Volume Information\_restore{855538BE-EF7B-4F2A-A496-45A3FFEAB780}\RP1373\A0107479.dll a variant of Win32/Adware.Yontoo.A application

Hi You. Here is the report on what the "scan" found! Dang it i was thinking that everything was done. Guess not! What next??

Hello

There are some minor things in your online scan that should be removed.


delete files

• Copy all text in the quote box (below)...to Notepad.
  

  @echo off
  del /f /s /q "C:\Documents and Settings\Steve\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.7.windows.exe"
  del /f /s /q "C:\Documents and Settings\Steve\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe"
  del %0

• Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  It should look like this: <--XP<--vista
• Double click on delfile.bat to execute it.
  A black CMD window will flash, then disappear...this is normal.
• The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

• To re-enable your Emulation drivers, double click DeFogger to run the tool.
  
• The application window will appear
• Click the Re-enable button to re-enable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

• turn off all active protection software
• push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
• please copy and past the following into the box ComboFix /Uninstall and click OK.
• Note the space between the X and the /Uninstall, it needs to be there.
• 

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

• Double-click OTCleanIt.exe.
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.
• If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

• Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  
• WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  
• Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
  totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)
  
  
  Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Gringo