Google redirect and System Restore virus

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Google redirect and System Restore virus Can't do anything!

#1 cocco78

New Member

Group: Members
Posts: 10
Joined: 10-November 11

Posted 10 November 2011 - 07:52 PM

It started with my web searches being redirected to totally different web sites. Then I noticed I could not run my anti-virus, AVG, nothing would happen when I clicked on it. It also seemed like it was blocking access to some web sites. When I started firefox it kept asking me if I wanted to make this my default browser. Next thing I know my desktop icons started disappearing, and everything in my start menu was gone and I keep getting all these errors about my hard drive and eventually a "System Restore" program popped up and started scanning my computer. I tried to follow your Remove Windows Recovery install guide, but Malware bytes didn't seem to get everything as soon as it was done everything started back up again.

As of right now I sit with RKill program run and Unhide.exe and have rsn the dds.exe program.

I can't seem to run the GMER program though, it says something about "not being able to create a stable subkey under a volitile parent key" Then it starts running but most of the checkboxes are grayed out. Only services, registry, and files are able to be checked. After running is states no modifications found.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Run by Mark at 18:22:11 on 2011-11-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1111 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdecoms.exe
C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [lxdemon.exe] "c:\program files\lexmark 4800 series\lxdemon.exe"
mRun: [lxdeamon] "c:\program files\lexmark 4800 series\lxdeamon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SolidWorks_CheckForUpdates] "c:\program files\common files\solidworks installation manager\scheduler\sldIMScheduler.exe" /scheduler
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [EMcGxdUaDTp.exe] c:\documents and settings\all users\application data\EMcGxdUaDTp.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{87223387-8505-4C7A-9034-E4B5EA60A940} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: mdhcp32 - mdhcp32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\awo9fnp4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63333
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\mark\application data\mozilla\firefox\profiles\awo9fnp4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\mark\application data\mozilla\firefox\profiles\awo9fnp4.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\mark\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\mark\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\mark\application data\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R2 Remote Solver for Flow Simulation 2009;Remote Solver for Flow Simulation 2009;c:\program files\solidworks corp\solidworks flow simulation\bincfw\StandAloneSlv.exe [2009-2-5 214312]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 136176]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [2008-11-11 99248]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2009-3-19 83240]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-11-10 23:42:29 338776 ----a-w- c:\documents and settings\all users\application data\m1vznbxYr7Apuf.exe
2011-11-10 23:39:09 424800 ----a-w- c:\documents and settings\all users\application data\EMcGxdUaDTp.exe
2011-11-10 23:36:12 50688 ----a-w- c:\windows\system32\mdhcp32.dll
2011-11-09 22:48:26 295696 ----a-w- c:\windows\system32\shimg.dll
2011-11-09 02:32:22 -------- d-sha-r- C:\cmdcons
2011-11-09 02:26:31 98816 ----a-w- c:\windows\sed.exe
2011-11-09 02:26:31 518144 ----a-w- c:\windows\SWREG.exe
2011-11-09 02:26:31 256000 ----a-w- c:\windows\PEV.exe
2011-11-09 02:26:31 208896 ----a-w- c:\windows\MBR.exe
2011-11-09 02:25:07 -------- d-----w- C:\ComboFix
2011-11-09 00:07:15 -------- d-----w- c:\program files\ESET
2011-11-08 23:59:06 -------- d-----w- c:\windows\PIF
2011-11-08 22:44:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-08 01:25:01 -------- d-----w- c:\documents and settings\mark\application data\Malwarebytes
2011-11-08 01:24:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-08 01:24:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 00:49:07 5110 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-08 00:45:29 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-08 00:45:29 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-08 00:45:10 -------- d-----w- C:\$AVG
2011-11-08 00:45:09 -------- d-----w- c:\documents and settings\mark\application data\AVG10
2011-11-07 22:08:49 -------- d-----w- c:\documents and settings\mark\application data\2C60F
2011-10-15 00:35:09 -------- d-----w- c:\documents and settings\mark\local settings\application data\MicroVision Applications
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-19 15:01:27 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2011-08-17 21:32:17 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32:16 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32:15 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22:23 389120 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 18:28:18.56 ===============

Attached File(s)

attach.zip (5.66K)
Number of downloads: 0

#2 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,518
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 13 November 2011 - 10:45 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

Do not run any other tool untill instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

DeFogger

desktop

DeFogger

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK

Do not

Download DDS:

DDS by sUBs

Link1

Link2

Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
- DDS.txt
- Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

Please Download Rootkit Unhooker Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

information and logs:

In your next post I need the following

.logs from DDS
log from RKUnHooker
let me know of any problems you may have had

Gringo

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

#3 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,518
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 16 November 2011 - 10:07 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

do you still need help with this?
do you need more time?
are you having problems following my instructions?
if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

<-- Don't worry every little bit helps.

#4 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,518
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 19 November 2011 - 12:18 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

<-- Don't worry every little bit helps.

#5 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,518
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 21 November 2011 - 06:40 PM

This topic has been re-opened at the request of the person who originally posted.

<-- Don't worry every little bit helps.

#6 cocco78

New Member

Group: Members
Posts: 10
Joined: 10-November 11

Posted 21 November 2011 - 07:20 PM

The only thing I have done after turning the computer on is to run tdskiller, otherwise I can't do anything at all.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/9/2008 9:39:01 PM
System Uptime: 11/21/2011 4:27:36 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0WG860
Processor: Intel® Core™2 CPU 6700 @ 2.66GHz | Microprocessor | 2660/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 234.8 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&FB7A01B&0&0002
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&FB7A01B&0&0002
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\42BA330080C01C00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\42BA330080C01C00
Service: NIC1394
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_01DC1028&REV_02\3&172E68DD&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_283E&SUBSYS_01DC1028&REV_02\3&172E68DD&0&FB
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP
.
==== System Restore Points ===================
.
RP370: 8/16/2011 10:31:42 PM - System Checkpoint
RP371: 8/18/2011 12:23:35 AM - System Checkpoint
RP372: 8/19/2011 12:54:18 AM - System Checkpoint
RP373: 8/21/2011 7:18:11 PM - System Checkpoint
RP374: 8/22/2011 8:15:46 PM - System Checkpoint
RP375: 8/23/2011 10:19:50 PM - System Checkpoint
RP376: 8/24/2011 11:03:16 PM - System Checkpoint
RP377: 8/26/2011 12:03:16 AM - System Checkpoint
RP378: 9/5/2011 10:00:41 AM - Software Distribution Service 3.0
RP379: 9/5/2011 5:53:09 PM - Installed QuickTime
RP380: 9/6/2011 6:42:25 PM - System Checkpoint
RP381: 9/7/2011 7:15:24 PM - System Checkpoint
RP382: 9/8/2011 8:00:00 PM - System Checkpoint
RP383: 9/9/2011 8:08:06 PM - System Checkpoint
RP384: 9/10/2011 9:03:50 PM - System Checkpoint
RP385: 9/11/2011 10:03:47 PM - System Checkpoint
RP386: 9/12/2011 3:00:14 AM - Software Distribution Service 3.0
RP387: 9/13/2011 3:20:44 AM - System Checkpoint
RP388: 9/14/2011 5:56:42 AM - System Checkpoint
RP389: 9/15/2011 10:02:37 AM - System Checkpoint
RP390: 9/16/2011 11:52:22 AM - System Checkpoint
RP391: 9/17/2011 1:02:04 PM - System Checkpoint
RP392: 9/18/2011 1:48:27 PM - System Checkpoint
RP393: 9/19/2011 3:00:17 AM - Software Distribution Service 3.0
RP394: 9/20/2011 3:50:24 AM - System Checkpoint
RP395: 9/21/2011 4:48:30 AM - System Checkpoint
RP396: 9/22/2011 5:48:30 AM - System Checkpoint
RP397: 9/23/2011 6:48:27 AM - System Checkpoint
RP398: 9/24/2011 7:00:56 AM - System Checkpoint
RP399: 9/25/2011 10:40:25 AM - System Checkpoint
RP400: 9/26/2011 3:00:17 AM - Software Distribution Service 3.0
RP401: 9/27/2011 4:20:09 AM - System Checkpoint
RP402: 9/28/2011 5:38:07 AM - System Checkpoint
RP403: 9/29/2011 8:13:11 AM - System Checkpoint
RP404: 9/30/2011 9:35:00 AM - System Checkpoint
RP405: 10/1/2011 9:43:32 AM - System Checkpoint
RP406: 10/2/2011 10:27:34 AM - System Checkpoint
RP407: 10/3/2011 3:00:14 AM - Software Distribution Service 3.0
RP408: 10/4/2011 3:21:04 AM - System Checkpoint
RP409: 10/5/2011 4:21:04 AM - System Checkpoint
RP410: 10/6/2011 5:01:48 AM - System Checkpoint
RP411: 10/7/2011 8:32:02 AM - System Checkpoint
RP412: 10/8/2011 10:09:03 AM - System Checkpoint
RP413: 10/9/2011 11:09:26 AM - System Checkpoint
RP414: 10/10/2011 11:53:03 AM - System Checkpoint
RP415: 10/11/2011 5:05:08 PM - System Checkpoint
RP416: 10/12/2011 7:45:37 PM - System Checkpoint
RP417: 10/13/2011 11:06:53 PM - System Checkpoint
RP418: 10/14/2011 11:29:06 PM - System Checkpoint
RP419: 10/16/2011 3:41:06 AM - System Checkpoint
RP420: 10/17/2011 3:00:14 AM - Software Distribution Service 3.0
RP421: 10/18/2011 3:27:35 AM - System Checkpoint
RP422: 10/19/2011 4:27:32 AM - System Checkpoint
RP423: 10/20/2011 7:32:52 AM - System Checkpoint
RP424: 10/21/2011 9:19:31 AM - System Checkpoint
RP425: 10/23/2011 7:26:37 PM - System Checkpoint
RP426: 10/24/2011 8:53:26 PM - System Checkpoint
RP427: 10/25/2011 11:02:03 PM - System Checkpoint
RP428: 10/26/2011 11:57:25 PM - System Checkpoint
RP429: 10/28/2011 3:26:22 AM - System Checkpoint
RP430: 10/29/2011 5:29:30 AM - System Checkpoint
RP431: 10/30/2011 7:29:26 AM - System Checkpoint
RP432: 10/31/2011 7:29:55 AM - System Checkpoint
RP433: 11/1/2011 7:54:05 AM - System Checkpoint
RP434: 11/2/2011 12:18:39 PM - System Checkpoint
RP435: 11/3/2011 1:34:02 PM - System Checkpoint
RP436: 11/4/2011 2:18:08 PM - System Checkpoint
RP437: 11/5/2011 2:30:03 PM - System Checkpoint
RP438: 11/6/2011 3:06:04 PM - System Checkpoint
RP439: 11/7/2011 3:30:04 PM - System Checkpoint
RP440: 11/7/2011 4:10:34 PM - Removed AVG 2011
RP441: 11/7/2011 4:12:12 PM - Removed AVG 2011
RP442: 11/7/2011 4:32:29 PM - Software Distribution Service 3.0
RP443: 11/7/2011 6:44:13 PM - Restore Operation
RP444: 11/7/2011 7:12:17 PM - Installed Microsoft Fix it 50267
RP445: 11/8/2011 7:24:03 PM - System Checkpoint
RP446: 11/8/2011 10:11:56 PM - Software Distribution Service 3.0
RP447: 11/9/2011 5:12:09 PM - Restore Operation
RP448: 11/9/2011 5:16:58 PM - Restore Operation
RP449: 11/10/2011 7:18:43 PM - System Checkpoint
RP450: 11/11/2011 7:27:28 PM - System Checkpoint
RP451: 11/12/2011 8:32:58 PM - System Checkpoint
RP452: 11/13/2011 9:27:27 PM - System Checkpoint
RP453: 11/14/2011 3:00:14 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.2
AnyDVD
Apple Application Support
Apple Software Update
ATI Catalyst Install Manager
ATI Display Driver
AutoCAD 2010 - English
AutoCAD 2010 Language Pack - English
AVG 2011
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CloneDVD2
ConvertHelper 2.2
Critical Update for Windows Media Player 11 (KB959772)
DeLorme Topo North America 9.0
DWGeditor
EASEUS Data Recovery Wizard Free Edition 5.0.1
ESET Online Scanner v3
Free Music Zilla
Google Earth Plug-in
Google Update Helper
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® PRO Network Connections Drivers
Java Auto Updater
Java™ 6 Update 20
jfuse4
Lexmark 4800 Series
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Applications - ENU
Move Media Player
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Oxelon Media Converter 1.0
PhotoView 360
QuickTime
Rigs of Rods
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SigmaTel Audio
SolidWorks 2009 SP03
SolidWorks eDrawings 2009
SolidWorks Flow Simulation 2009 SP03
SolidWorks Motion 2009 SP03
SolidWorks Simulation 2009 SP03
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 9
Stellar Phoenix Windows Data Recovery V3.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VBA (2627.01)
WebFldrs XP
Windows Backup Utility
Windows Defender
Windows Desktop Search 3.01
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
XP Codec Pack
.
==== Event Viewer Messages From Past Week ========
.
11/21/2011 5:16:42 PM, error: iastor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
11/21/2011 5:16:42 PM, error: iastor [5] - A parity error was detected on \Device\Ide\iaStor0.
11/21/2011 4:28:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86
11/21/2011 4:28:22 PM, error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
11/21/2011 4:28:22 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdeCATSCustConnectService service to connect.
11/21/2011 4:28:22 PM, error: Service Control Manager [7000] - The lxdeCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Run by Mark at 17:07:32 on 2011-11-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1128 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdecoms.exe
C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\notepad.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10o_Plugin.exe -update plugin
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [lxdemon.exe] "c:\program files\lexmark 4800 series\lxdemon.exe"
mRun: [lxdeamon] "c:\program files\lexmark 4800 series\lxdeamon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SolidWorks_CheckForUpdates] "c:\program files\common files\solidworks installation manager\scheduler\sldIMScheduler.exe" /scheduler
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [EMcGxdUaDTp.exe] c:\documents and settings\all users\application data\EMcGxdUaDTp.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{87223387-8505-4C7A-9034-E4B5EA60A940} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: mdhcp32 - mdhcp32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\awo9fnp4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63333
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\mark\application data\mozilla\firefox\profiles\awo9fnp4.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\mark\application data\mozilla\firefox\profiles\awo9fnp4.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\mark\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\mark\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npEModelPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R2 Remote Solver for Flow Simulation 2009;Remote Solver for Flow Simulation 2009;c:\program files\solidworks corp\solidworks flow simulation\bincfw\StandAloneSlv.exe [2009-2-5 214312]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 136176]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [2008-11-11 99248]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\solidworks corp\solidworks\swscheduler\DTSCoordinatorService.exe [2009-3-19 83240]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-14 136176]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-11-21 22:45:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-11-21 22:45:11 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-11-21 22:45:11 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-11-21 22:45:11 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-11-21 22:45:11 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-11-21 22:45:11 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-11-21 22:45:11 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-11-21 22:45:11 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-11-10 23:42:29 338776 ----a-w- c:\documents and settings\all users\application data\m1vznbxYr7Apuf.exe
2011-11-10 23:36:12 50688 ----a-w- c:\windows\system32\mdhcp32.dll
2011-11-09 22:48:26 295974 ----a-w- c:\windows\system32\shimg.dll
2011-11-09 02:32:22 -------- d-sha-r- C:\cmdcons
2011-11-09 02:26:31 98816 ----a-w- c:\windows\sed.exe
2011-11-09 02:26:31 518144 ----a-w- c:\windows\SWREG.exe
2011-11-09 02:26:31 256000 ----a-w- c:\windows\PEV.exe
2011-11-09 02:26:31 208896 ----a-w- c:\windows\MBR.exe
2011-11-09 02:25:07 -------- d-----w- C:\ComboFix
2011-11-09 00:07:15 -------- d-----w- c:\program files\ESET
2011-11-08 23:59:06 -------- d-----w- c:\windows\PIF
2011-11-08 22:44:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-08 01:25:01 -------- d-----w- c:\documents and settings\mark\application data\Malwarebytes
2011-11-08 01:24:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-08 01:24:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 00:49:07 5110 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-08 00:45:29 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-08 00:45:29 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-08 00:45:10 -------- d-----w- C:\$AVG
2011-11-08 00:45:09 -------- d-----w- c:\documents and settings\mark\application data\AVG10
2011-11-07 22:08:49 -------- d-----w- c:\documents and settings\mark\application data\2C60F
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 17:21:47.74 ===============

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB8BA7000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 4857856 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF1FB000 C:\WINDOWS\System32\ati3duag.dll 3522560 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF557000 C:\WINDOWS\System32\ativvaxx.dll 2158592 bytes (Advanced Micro Devices, Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xAA95F000 C:\WINDOWS\system32\drivers\sthda.sys 1114112 bytes (SigmaTel, Inc., NDRC)
0x9C0A4000 C:\WINDOWS\System32\Drivers\dump_iastor.sys 815104 bytes
0xB9E82000 iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xBF060000 C:\WINDOWS\System32\ati2cqag.dll 638976 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF0FC000 C:\WINDOWS\System32\atikvmag.dll 630784 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB9D7E000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA5371000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xBF196000 C:\WINDOWS\System32\atiok3x2.dll 413696 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xB8A49000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA9B43000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9724F000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF766000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA9AAE000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x96E06000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB8B32000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 233472 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x972F7000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D51000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA53E1000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8B6B000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA542E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA9AF5000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAC5E5000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8B0E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8ACF000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA540C000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x96F5F000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xB9E4A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB8AF2000 C:\WINDOWS\System32\Drivers\AnyDVD.sys 114688 bytes (SlySoft, Inc., AnyDVD Filter Driver)
0xAC609000 C:\WINDOWS\system32\drivers\AtiHdmi.sys 114688 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0xB9D37000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x9885F000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)
0xB9E6A000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0x98832000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
0xB9E0B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8AB8000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x98849000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
0xB9E22000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0x97FFC000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8B93000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA9B9C000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9E38000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8AA7000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0x9C20F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA308000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA208000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB90A9000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA268000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA218000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB86E4000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xBA238000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9C9D5000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
0xA7ECC000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA228000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xA7EAC000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 40960 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB9089000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA258000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0x96E6F000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA7EEC000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA248000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA7EDC000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA118000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA7EFC000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA330000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xABB63000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA400000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA338000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xBA3B8000 C:\WINDOWS\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0xBA3C0000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
0xBA438000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xABB43000 C:\DOCUME~1\Mark\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA3F0000 C:\WINDOWS\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
0xBA428000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA430000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA440000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA448000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xBA390000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xA7FF0000 C:\WINDOWS\system32\ckldrv.sys 20480 bytes
0xBA3B0000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)
0xBA420000 C:\WINDOWS\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0xABB6B000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA328000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA410000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA418000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA408000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA4A9A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4BC000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xA8462000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB96F2000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA5FB3000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA52DD000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA84A2000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA816F000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA580000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9C92000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5A8000 00000022 8192 bytes
0xBA642000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5E6000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
0xA804B000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)
0xBA640000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA644000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA64E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5E8000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5EA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA693000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA72B000 C:\WINDOWS\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
0xBA789000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6BB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
!!!!!!!!!!!Hidden driver: 0x8A574048 00000081 4024 bytes
0x8A573FA9 unknown_irp_handler 87 bytes
==============================================
>Stealth
==============================================
0x8A5765CD Unknown page with executable code, 2611 bytes
0x8A578466 Unknown page with executable code, 2970 bytes
0x8A574048 Unknown page with executable code, 4024 bytes
0x8A576309 Unknown thread object [ ETHREAD 0x8A569020 ] TID: 132, 600 bytes
0x8A577901 Unknown thread object [ ETHREAD 0x8A5698B8 ] TID: 144, 600 bytes

#7 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,518
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 21 November 2011 - 07:36 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1

Link 2

Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

<-- Don't worry every little bit helps.

#8 cocco78

New Member

Group: Members
Posts: 10
Joined: 10-November 11

Posted 23 November 2011 - 12:02 AM

I could not disable my AVG 2011, whatever virus I have is keeping the program from opening. I plan on upgrading to 2012 anyway. I ended up uninstalling it, but combofix said it was still running even after a restart. It took a few tries to get combofix to run but it eventually came up with the report pasted below. The computer seems to be "thinking" quite a bit. I still can't search for anything online without search results being redirected. But I've let the computer sit now for about an hour, I still have a system restore icon on my desktop, when I click properties on it come up as ""C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\m1vznbxYr7Apuf.exe.vir" So that must be a good sign.
ComboFix 11-11-22.03 - Mark 11/22/2011 20:12:33.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1464 [GMT -6:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\m1vznbxYr7Apuf.exe
c:\documents and settings\Mark\Start Menu\Programs\System Restore\System Restore.lnk
c:\documents and settings\Mark\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\windows\system32\crt.dat
c:\windows\system32\mdhcp32.dll
c:\windows\system32\shimg.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 01:07 . 2011-11-23 01:57 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{F19305EE-6FFC-42D3-A872-56A2CC7CA673}\offreg.dll
2011-11-23 01:07 . 2011-10-18 07:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{F19305EE-6FFC-42D3-A872-56A2CC7CA673}\mpengine.dll
2011-11-21 22:45 . 2011-11-05 06:53 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-21 22:45 . 2011-11-05 06:53 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-21 22:45 . 2011-11-05 06:53 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-21 22:45 . 2011-11-05 06:53 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-21 22:45 . 2011-11-05 06:53 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-21 22:45 . 2011-11-05 06:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-21 22:45 . 2011-11-05 03:21 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-21 22:45 . 2011-11-05 03:21 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-11-09 00:07 . 2011-11-09 00:07 -------- d-----w- c:\program files\ESET
2011-11-08 23:59 . 2011-11-08 23:59 -------- d-----w- c:\windows\PIF
2011-11-08 22:44 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-08 22:38 . 2011-11-08 22:38 -------- d-----w- c:\documents and settings\Administrator.MARK-D91DD72E98\Local Settings\Application Data\Mozilla
2011-11-08 01:25 . 2011-11-08 01:25 -------- d-----w- c:\documents and settings\Mark\Application Data\Malwarebytes
2011-11-08 01:24 . 2011-11-08 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-08 01:24 . 2011-11-10 22:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 00:49 . 2011-11-08 00:49 5110 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-08 00:45 . 2011-11-08 00:45 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-08 00:45 . 2011-11-08 00:45 -------- d-----w- C:\$AVG
2011-11-08 00:45 . 2011-11-08 00:45 -------- d-----w- c:\documents and settings\Mark\Application Data\AVG10
2011-11-07 22:08 . 2011-11-08 00:45 -------- d-----w- c:\documents and settings\Mark\Application Data\2C60F
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2008-11-10 03:35 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 06:53 . 2011-11-21 22:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-09_03.21.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-23 01:58 . 2011-11-23 01:58 16384 c:\windows\Temp\Perflib_Perfdata_950.dat
- 2008-11-12 02:38 . 2011-08-12 18:51 17272 c:\windows\system32\spmsg.dll
+ 2008-11-12 02:38 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
- 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2004-08-04 10:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
+ 2008-11-10 03:40 . 2011-11-21 22:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-10 03:40 . 2010-08-04 05:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-10 03:40 . 2011-11-21 22:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-10 03:40 . 2010-08-04 05:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-10 03:40 . 2010-08-04 05:47 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-11-21 22:39 . 2011-11-21 22:39 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-11-21 22:40 . 2011-11-21 22:40 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-11-21 22:40 . 2011-11-21 22:40 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe
+ 2009-10-02 18:53 . 2011-05-25 00:14 222080 c:\windows\system32\MpSigStub.exe
- 2008-11-12 02:09 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2008-11-12 02:09 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2011-09-03 10:17 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2011-11-21 22:40 . 2011-11-21 22:40 922624 c:\windows\Installer\b1cc2.msi
+ 2010-01-07 23:20 . 2011-11-09 23:15 9105088 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-09-30 5361272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2009-03-19 7308584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-19 113664]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxdecoms.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\lxdeamon.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\frun.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\lxdemon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdepswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdejswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdetime.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R2 Remote Solver for Flow Simulation 2009;Remote Solver for Flow Simulation 2009;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2/5/2009 5:12 PM 214312]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2010 4:04 PM 136176]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [11/11/2008 10:12 PM 99248]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [3/19/2009 11:31 AM 83240]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2010 4:04 PM 136176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/11/2008 9:05 PM 47360]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 22:03]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 22:03]
.
2011-11-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\awo9fnp4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63333
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-EMcGxdUaDTp.exe - c:\documents and settings\All Users\Application Data\EMcGxdUaDTp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-22 20:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3416)
c:\windows\system32\WININET.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp1.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\mshtml.dll
.
Completion time: 2011-11-22 20:58:21
ComboFix-quarantined-files.txt 2011-11-23 02:57
ComboFix2.txt 2011-11-09 03:36
.
Pre-Run: 252,244,221,952 bytes free
Post-Run: 252,234,526,720 bytes free
.
- - End Of File - - 8AD56E94AD5DA14567BF7B1E86AE8EE1

#9 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,518
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 23 November 2011 - 12:09 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

<-- Don't worry every little bit helps.

#10 cocco78

New Member

Group: Members
Posts: 10
Joined: 10-November 11

Posted 23 November 2011 - 05:45 PM

Just turned on the computer and a fake anti virus popped up "AV Protection 2011"

I downloaded TDSSKiller but it will not run, dbl click on it and nothing happens. I tried to rename it and nothing.

#11 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,518
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 23 November 2011 - 10:13 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo

<-- Don't worry every little bit helps.

#12 cocco78

New Member

Group: Members
Posts: 10
Joined: 10-November 11

Posted 24 November 2011 - 10:29 PM

Success...

21:23:19.0500 2120 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
21:23:21.0500 2120 ============================================================
21:23:21.0500 2120 Current date / time: 2011/11/24 21:23:21.0500
21:23:21.0500 2120 SystemInfo:
21:23:21.0500 2120
21:23:21.0500 2120 OS Version: 5.1.2600 ServicePack: 3.0
21:23:21.0500 2120 Product type: Workstation
21:23:21.0500 2120 ComputerName: MARK-D91DD72E98
21:23:21.0500 2120 UserName: Mark
21:23:21.0500 2120 Windows directory: C:\WINDOWS
21:23:21.0500 2120 System windows directory: C:\WINDOWS
21:23:21.0500 2120 Processor architecture: Intel x86
21:23:21.0500 2120 Number of processors: 2
21:23:21.0500 2120 Page size: 0x1000
21:23:21.0500 2120 Boot type: Normal boot
21:23:21.0500 2120 ============================================================
21:23:21.0718 2120 Initialize success
21:23:24.0250 2828 ============================================================
21:23:24.0250 2828 Scan started
21:23:24.0250 2828 Mode: Manual;
21:23:24.0250 2828 ============================================================
21:23:24.0921 2828 Abiosdsk - ok
21:23:24.0921 2828 abp480n5 - ok
21:23:25.0015 2828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:23:25.0015 2828 ACPI - ok
21:23:25.0093 2828 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:23:25.0093 2828 ACPIEC - ok
21:23:25.0093 2828 adpu160m - ok
21:23:25.0125 2828 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:23:25.0125 2828 aec - ok
21:23:25.0234 2828 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:23:25.0250 2828 AFD - ok
21:23:25.0281 2828 Aha154x - ok
21:23:25.0328 2828 aic78u2 - ok
21:23:25.0375 2828 aic78xx - ok
21:23:25.0437 2828 AliIde - ok
21:23:25.0453 2828 amsint - ok
21:23:25.0546 2828 AnyDVD (64f24088dbb1d68ee9963f66f8eb68cf) C:\WINDOWS\system32\Drivers\AnyDVD.sys
21:23:25.0546 2828 AnyDVD - ok
21:23:25.0578 2828 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:23:25.0578 2828 Arp1394 - ok
21:23:25.0593 2828 asc - ok
21:23:25.0593 2828 asc3350p - ok
21:23:25.0625 2828 asc3550 - ok
21:23:25.0703 2828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:23:25.0703 2828 AsyncMac - ok
21:23:25.0781 2828 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
21:23:25.0781 2828 atapi - ok
21:23:25.0828 2828 Atdisk - ok
21:23:26.0015 2828 ati2mtag (323b30faae1f544a549ebbbd837ed625) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:23:26.0078 2828 ati2mtag - ok
21:23:26.0125 2828 AtiHdmiService (1cae756c8baefb2b25964baa639fdd5c) C:\WINDOWS\system32\drivers\AtiHdmi.sys
21:23:26.0125 2828 AtiHdmiService - ok
21:23:26.0140 2828 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:23:26.0140 2828 Atmarpc - ok
21:23:26.0218 2828 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:23:26.0218 2828 audstub - ok
21:23:26.0281 2828 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
21:23:26.0296 2828 AVGIDSDriver - ok
21:23:26.0296 2828 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
21:23:26.0296 2828 AVGIDSEH - ok
21:23:26.0312 2828 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
21:23:26.0312 2828 AVGIDSFilter - ok
21:23:26.0390 2828 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
21:23:26.0390 2828 AVGIDSShim - ok
21:23:26.0453 2828 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:23:26.0453 2828 Avgldx86 - ok
21:23:26.0468 2828 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:23:26.0468 2828 Avgmfx86 - ok
21:23:26.0484 2828 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:23:26.0484 2828 Avgrkx86 - ok
21:23:26.0578 2828 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:23:26.0578 2828 Avgtdix - ok
21:23:26.0593 2828 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:23:26.0593 2828 Beep - ok
21:23:26.0671 2828 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
21:23:26.0671 2828 Bridge - ok
21:23:26.0687 2828 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
21:23:26.0687 2828 BridgeMP - ok
21:23:26.0828 2828 catchme - ok
21:23:26.0843 2828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:23:26.0859 2828 cbidf2k - ok
21:23:26.0859 2828 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:23:26.0859 2828 CCDECODE - ok
21:23:26.0906 2828 cd20xrnt - ok
21:23:26.0921 2828 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:23:26.0921 2828 Cdaudio - ok
21:23:26.0968 2828 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:23:26.0984 2828 Cdfs - ok
21:23:27.0031 2828 Cdrom (b9a373fd632aa21beffeab6b7d685a8a) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:23:27.0031 2828 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: b9a373fd632aa21beffeab6b7d685a8a, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
21:23:27.0031 2828 Cdrom ( Rootkit.Win32.ZAccess.k ) - infected
21:23:27.0031 2828 Cdrom - detected Rootkit.Win32.ZAccess.k (0)
21:23:27.0125 2828 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
21:23:27.0125 2828 cercsr6 - ok
21:23:27.0171 2828 Changer - ok
21:23:27.0187 2828 CmdIde - ok
21:23:27.0265 2828 Cpqarray - ok
21:23:27.0281 2828 dac2w2k - ok
21:23:27.0281 2828 dac960nt - ok
21:23:27.0406 2828 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:23:27.0406 2828 Disk - ok
21:23:27.0453 2828 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
21:23:27.0468 2828 DLABMFSM - ok
21:23:27.0515 2828 DLABOIOM (d4587063acea776699251e177d719586) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:23:27.0515 2828 DLABOIOM - ok
21:23:27.0562 2828 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:23:27.0562 2828 DLACDBHM - ok
21:23:27.0656 2828 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\WINDOWS\system32\DLA\DLADResM.SYS
21:23:27.0656 2828 DLADResM - ok
21:23:27.0703 2828 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:23:27.0703 2828 DLAIFS_M - ok
21:23:27.0750 2828 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:23:27.0750 2828 DLAOPIOM - ok
21:23:27.0765 2828 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:23:27.0765 2828 DLAPoolM - ok
21:23:27.0765 2828 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
21:23:27.0765 2828 DLARTL_M - ok
21:23:27.0781 2828 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:23:27.0796 2828 DLAUDFAM - ok
21:23:28.0000 2828 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:23:28.0000 2828 DLAUDF_M - ok
21:23:28.0078 2828 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:23:28.0093 2828 dmboot - ok
21:23:28.0140 2828 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:23:28.0156 2828 dmio - ok
21:23:28.0250 2828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:23:28.0250 2828 dmload - ok
21:23:28.0312 2828 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:23:28.0312 2828 DMusic - ok
21:23:28.0375 2828 dpti2o - ok
21:23:28.0375 2828 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:23:28.0375 2828 drmkaud - ok
21:23:28.0390 2828 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:23:28.0406 2828 DRVMCDB - ok
21:23:28.0437 2828 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:23:28.0453 2828 DRVNDDM - ok
21:23:28.0500 2828 e1express (6f7ccd3c02b26d530900f06d98171a69) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
21:23:28.0500 2828 e1express - ok
21:23:28.0593 2828 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
21:23:28.0609 2828 ElbyCDIO - ok
21:23:28.0671 2828 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:23:28.0687 2828 Fastfat - ok
21:23:28.0750 2828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:23:28.0750 2828 Fdc - ok
21:23:28.0796 2828 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:23:28.0796 2828 Fips - ok
21:23:28.0843 2828 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:23:28.0843 2828 Flpydisk - ok
21:23:28.0890 2828 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:23:28.0906 2828 FltMgr - ok
21:23:28.0937 2828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:23:28.0937 2828 Fs_Rec - ok
21:23:28.0953 2828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:23:28.0968 2828 Ftdisk - ok
21:23:29.0015 2828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:23:29.0015 2828 Gpc - ok
21:23:29.0078 2828 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
21:23:29.0078 2828 hamachi - ok
21:23:29.0156 2828 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:23:29.0156 2828 HDAudBus - ok
21:23:29.0203 2828 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:23:29.0203 2828 hidusb - ok
21:23:29.0265 2828 hpn - ok
21:23:29.0312 2828 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:23:29.0312 2828 HTTP - ok
21:23:29.0375 2828 i2omgmt - ok
21:23:29.0390 2828 i2omp - ok
21:23:29.0406 2828 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
21:23:29.0406 2828 i8042prt - ok
21:23:29.0500 2828 iastor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:23:29.0500 2828 iastor - ok
21:23:29.0546 2828 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:23:29.0546 2828 Imapi - ok
21:23:29.0593 2828 ini910u - ok
21:23:29.0609 2828 IntelIde - ok
21:23:29.0625 2828 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:23:29.0625 2828 intelppm - ok
21:23:29.0687 2828 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:23:29.0687 2828 Ip6Fw - ok
21:23:29.0765 2828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:23:29.0765 2828 IpFilterDriver - ok
21:23:29.0828 2828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:23:29.0828 2828 IpInIp - ok
21:23:29.0843 2828 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:23:29.0843 2828 IpNat - ok
21:23:29.0906 2828 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:23:29.0906 2828 IPSec - ok
21:23:29.0953 2828 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:23:29.0953 2828 IRENUM - ok
21:23:29.0968 2828 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:23:29.0968 2828 isapnp - ok
21:23:30.0078 2828 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:23:30.0093 2828 Kbdclass - ok
21:23:30.0140 2828 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:23:30.0140 2828 kbdhid - ok
21:23:30.0187 2828 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:23:30.0187 2828 kmixer - ok
21:23:30.0250 2828 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:23:30.0265 2828 KSecDD - ok
21:23:30.0328 2828 lbrtfdc - ok
21:23:30.0359 2828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:23:30.0359 2828 mnmdd - ok
21:23:30.0453 2828 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:23:30.0453 2828 Modem - ok
21:23:30.0515 2828 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:23:30.0515 2828 Mouclass - ok
21:23:30.0562 2828 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:23:30.0562 2828 mouhid - ok
21:23:30.0656 2828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:23:30.0656 2828 MountMgr - ok
21:23:30.0656 2828 mraid35x - ok
21:23:30.0781 2828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:23:30.0781 2828 MRxDAV - ok
21:23:30.0890 2828 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:23:30.0921 2828 MRxSmb - ok
21:23:30.0984 2828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:23:30.0984 2828 Msfs - ok
21:23:31.0015 2828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:23:31.0015 2828 MSKSSRV - ok
21:23:31.0093 2828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:23:31.0093 2828 MSPCLOCK - ok
21:23:31.0187 2828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:23:31.0187 2828 MSPQM - ok
21:23:31.0281 2828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:23:31.0281 2828 mssmbios - ok
21:23:31.0359 2828 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:23:31.0359 2828 MSTEE - ok
21:23:31.0437 2828 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:23:31.0453 2828 Mup - ok
21:23:31.0531 2828 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:23:31.0546 2828 NABTSFEC - ok
21:23:31.0625 2828 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:23:31.0625 2828 NDIS - ok
21:23:31.0687 2828 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:23:31.0687 2828 NdisIP - ok
21:23:31.0796 2828 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:23:31.0796 2828 NdisTapi - ok
21:23:31.0859 2828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:23:31.0859 2828 Ndisuio - ok
21:23:31.0906 2828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:23:31.0906 2828 NdisWan - ok
21:23:31.0921 2828 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:23:31.0921 2828 NDProxy - ok
21:23:31.0968 2828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:23:31.0984 2828 NetBIOS - ok
21:23:32.0078 2828 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:23:32.0078 2828 NetBT - ok
21:23:32.0140 2828 NetworkX (cc445813f4aef54712f6f21e32022445) C:\WINDOWS\system32\ckldrv.sys
21:23:32.0171 2828 NetworkX - ok
21:23:32.0265 2828 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:23:32.0265 2828 NIC1394 - ok
21:23:32.0328 2828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:23:32.0328 2828 Npfs - ok
21:23:32.0359 2828 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:23:32.0359 2828 Ntfs - ok
21:23:32.0453 2828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:23:32.0453 2828 Null - ok
21:23:32.0531 2828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:23:32.0531 2828 NwlnkFlt - ok
21:23:32.0593 2828 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:23:32.0609 2828 NwlnkFwd - ok
21:23:32.0609 2828 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:23:32.0609 2828 ohci1394 - ok
21:23:32.0640 2828 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:23:32.0640 2828 Parport - ok
21:23:32.0687 2828 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:23:32.0687 2828 PartMgr - ok
21:23:32.0781 2828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:23:32.0781 2828 ParVdm - ok
21:23:32.0843 2828 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:23:32.0843 2828 PCI - ok
21:23:32.0921 2828 PCIDump - ok
21:23:32.0937 2828 PCIIde - ok
21:23:33.0078 2828 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:23:33.0078 2828 Pcmcia - ok
21:23:33.0171 2828 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
21:23:33.0171 2828 pcouffin - ok
21:23:33.0250 2828 PDCOMP - ok
21:23:33.0250 2828 PDFRAME - ok
21:23:33.0265 2828 PDRELI - ok
21:23:33.0281 2828 PDRFRAME - ok
21:23:33.0343 2828 perc2 - ok
21:23:33.0359 2828 perc2hib - ok
21:23:33.0406 2828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:23:33.0421 2828 PptpMiniport - ok
21:23:33.0468 2828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:23:33.0468 2828 PSched - ok
21:23:33.0484 2828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:23:33.0484 2828 Ptilink - ok
21:23:33.0500 2828 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:23:33.0515 2828 PxHelp20 - ok
21:23:33.0578 2828 ql1080 - ok
21:23:33.0593 2828 Ql10wnt - ok
21:23:33.0671 2828 ql12160 - ok
21:23:33.0671 2828 ql1240 - ok
21:23:33.0687 2828 ql1280 - ok
21:23:33.0812 2828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:23:33.0812 2828 RasAcd - ok
21:23:33.0859 2828 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:23:33.0859 2828 Rasl2tp - ok
21:23:33.0906 2828 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:23:33.0906 2828 RasPppoe - ok
21:23:33.0906 2828 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:23:33.0906 2828 Raspti - ok
21:23:33.0921 2828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:23:33.0921 2828 Rdbss - ok
21:23:33.0984 2828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:23:33.0984 2828 RDPCDD - ok
21:23:34.0078 2828 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:23:34.0078 2828 RDPWD - ok
21:23:34.0171 2828 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:23:34.0187 2828 redbook - ok
21:23:34.0250 2828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:23:34.0265 2828 Secdrv - ok
21:23:34.0328 2828 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:23:34.0343 2828 Serial - ok
21:23:34.0390 2828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:23:34.0390 2828 Sfloppy - ok
21:23:34.0406 2828 Simbad - ok
21:23:34.0484 2828 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:23:34.0484 2828 SLIP - ok
21:23:34.0546 2828 Sparrow - ok
21:23:34.0562 2828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:23:34.0562 2828 splitter - ok
21:23:34.0625 2828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:23:34.0625 2828 sr - ok
21:23:34.0718 2828 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:23:34.0718 2828 Srv - ok
21:23:34.0828 2828 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
21:23:34.0843 2828 STHDA - ok
21:23:34.0906 2828 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:23:34.0906 2828 streamip - ok
21:23:34.0968 2828 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:23:34.0968 2828 swenum - ok
21:23:35.0078 2828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:23:35.0078 2828 swmidi - ok
21:23:35.0140 2828 symc810 - ok
21:23:35.0156 2828 symc8xx - ok
21:23:35.0156 2828 sym_hi - ok
21:23:35.0234 2828 sym_u3 - ok
21:23:35.0250 2828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:23:35.0250 2828 sysaudio - ok
21:23:35.0328 2828 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:23:35.0343 2828 Tcpip - ok
21:23:35.0421 2828 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:23:35.0421 2828 TDPIPE - ok
21:23:35.0500 2828 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:23:35.0500 2828 TDTCP - ok
21:23:35.0562 2828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:23:35.0562 2828 TermDD - ok
21:23:35.0578 2828 TosIde - ok
21:23:35.0593 2828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:23:35.0609 2828 Udfs - ok
21:23:35.0656 2828 ultra - ok
21:23:35.0718 2828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:23:35.0718 2828 Update - ok
21:23:35.0796 2828 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:23:35.0796 2828 usbaudio - ok
21:23:35.0875 2828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:23:35.0875 2828 usbccgp - ok
21:23:35.0937 2828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:23:35.0937 2828 usbehci - ok
21:23:35.0984 2828 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:23:35.0984 2828 usbhub - ok
21:23:36.0000 2828 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:23:36.0000 2828 usbprint - ok
21:23:36.0000 2828 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:23:36.0000 2828 usbscan - ok
21:23:36.0109 2828 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:23:36.0125 2828 usbstor - ok
21:23:36.0125 2828 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:23:36.0125 2828 usbuhci - ok
21:23:36.0203 2828 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:23:36.0203 2828 usbvideo - ok
21:23:36.0265 2828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:23:36.0265 2828 VgaSave - ok
21:23:36.0312 2828 ViaIde - ok
21:23:36.0312 2828 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:23:36.0328 2828 VolSnap - ok
21:23:36.0390 2828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:23:36.0390 2828 Wanarp - ok
21:23:36.0437 2828 WDICA - ok
21:23:36.0453 2828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:23:36.0453 2828 wdmaud - ok
21:23:36.0531 2828 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:23:36.0531 2828 WSTCODEC - ok
21:23:36.0640 2828 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:23:36.0640 2828 WudfPf - ok
21:23:36.0734 2828 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:23:36.0734 2828 WudfRd - ok
21:23:36.0750 2828 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:23:36.0828 2828 \Device\Harddisk0\DR0 - ok
21:23:36.0828 2828 Boot (0x1200) (b404e254de3ab745969767280ad3b0de) \Device\Harddisk0\DR0\Partition0
21:23:36.0828 2828 \Device\Harddisk0\DR0\Partition0 - ok
21:23:36.0828 2828 ============================================================
21:23:36.0828 2828 Scan finished
21:23:36.0828 2828 ============================================================
21:23:36.0843 1256 Detected object count: 1
21:23:36.0843 1256 Actual detected object count: 1
21:23:50.0406 1256 Backup copy found, using it..
21:23:50.0406 1256 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot
21:23:56.0734 1256 Cdrom ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
21:24:25.0140 1664 Deinitialize success

#13 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,518
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 25 November 2011 - 10:27 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Link 1

Link 2

Link 3

**Note: It is important that it is saved directly to your desktop**

combofix.exe

Note:Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

<-- Don't worry every little bit helps.

#14 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,518
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 28 November 2011 - 01:39 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

do you still need help with this?
do you need more time?
are you having problems following my instructions?
if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

<-- Don't worry every little bit helps.

#15 cocco78

New Member

Group: Members
Posts: 10
Joined: 10-November 11

Posted 28 November 2011 - 06:21 PM

No problems running the new combofix, I turned off my AVG and it ran fine, a few popups that I had to click "OK" and the computer restarted twice. The computer seems to be running good at the moment, I will have to work with it a bit to really tell. When I opened firefox it did ask me if I wanted it as my default browser which I always use firefox...

ComboFix 11-11-28.02 - Mark 11/28/2011 16:50:31.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1464 [GMT -6:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mark\Application Data\ldr.ini
c:\documents and settings\Mark\Start Menu\Programs\AV Protection 2011
c:\documents and settings\Mark\Start Menu\Programs\AV Protection 2011\AV Protection 2011.lnk
c:\windows\$NtUninstallKB27322$
c:\windows\$NtUninstallKB27322$\3261485775
c:\windows\$NtUninstallKB27322$\613109297\@
c:\windows\$NtUninstallKB27322$\613109297\bckfg.tmp
c:\windows\$NtUninstallKB27322$\613109297\cfg.ini
c:\windows\$NtUninstallKB27322$\613109297\Desktop.ini
c:\windows\$NtUninstallKB27322$\613109297\keywords
c:\windows\$NtUninstallKB27322$\613109297\kwrd.dll
c:\windows\$NtUninstallKB27322$\613109297\L\fzsxntat
c:\windows\$NtUninstallKB27322$\613109297\lsflt7.ver
c:\windows\$NtUninstallKB27322$\613109297\U\00000001.@
c:\windows\$NtUninstallKB27322$\613109297\U\00000002.@
c:\windows\$NtUninstallKB27322$\613109297\U\00000004.@
c:\windows\$NtUninstallKB27322$\613109297\U\80000000.@
c:\windows\$NtUninstallKB27322$\613109297\U\80000004.@
c:\windows\$NtUninstallKB27322$\613109297\U\80000032.@
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-23 22:26 . 2011-11-23 22:26 -------- d-----w- c:\documents and settings\Mark\Application Data\l4aQH6sWKfLg
2011-11-23 12:41 . 2011-11-23 12:41 -------- d-----w- c:\documents and settings\Mark\Application Data\d1ibD3pnGaHdKfL
2011-11-23 11:29 . 2011-11-23 11:29 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-23 06:20 . 2011-11-23 06:20 -------- d-----w- c:\documents and settings\Mark\Application Data\PcccA1ivD2on4aH
2011-11-23 06:20 . 2011-11-23 06:20 -------- d-----w- c:\documents and settings\Mark\Application Data\pcA1ivD2oFaH
2011-11-23 06:19 . 2011-11-23 06:19 -------- d-----w- c:\documents and settings\Mark\Application Data\o4aQH6sWKfLgXjC
2011-11-23 04:46 . 2011-11-23 04:46 -------- d-----w- c:\documents and settings\Mark\Application Data\AVG2012
2011-11-23 04:44 . 2011-11-23 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-11-23 01:07 . 2011-10-18 07:28 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{F19305EE-6FFC-42D3-A872-56A2CC7CA673}\mpengine.dll
2011-11-21 22:45 . 2011-11-05 06:53 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-21 22:45 . 2011-11-05 06:53 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-21 22:45 . 2011-11-05 06:53 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-21 22:45 . 2011-11-05 06:53 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-21 22:45 . 2011-11-05 06:53 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-21 22:45 . 2011-11-05 06:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-21 22:45 . 2011-11-05 03:21 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-21 22:45 . 2011-11-05 03:21 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-11-09 00:07 . 2011-11-09 00:07 -------- d-----w- c:\program files\ESET
2011-11-08 23:59 . 2011-11-08 23:59 -------- d-----w- c:\windows\PIF
2011-11-08 22:44 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-08 22:38 . 2011-11-08 22:38 -------- d-----w- c:\documents and settings\Administrator.MARK-D91DD72E98\Local Settings\Application Data\Mozilla
2011-11-08 01:25 . 2011-11-08 01:25 -------- d-----w- c:\documents and settings\Mark\Application Data\Malwarebytes
2011-11-08 01:24 . 2011-11-08 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-08 01:24 . 2011-11-10 22:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 00:49 . 2011-11-08 00:49 5110 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-08 00:45 . 2011-11-08 00:45 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-08 00:45 . 2011-11-08 00:45 -------- d-----w- C:\$AVG
2011-11-08 00:45 . 2011-11-08 00:45 -------- d-----w- c:\documents and settings\Mark\Application Data\AVG10
2011-11-07 22:08 . 2011-11-08 00:45 -------- d-----w- c:\documents and settings\Mark\Application Data\2C60F
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 03:25 . 2004-08-04 10:00 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-10 14:22 . 2008-11-10 03:35 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 12:23 . 2011-10-07 12:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 12:21 . 2011-10-04 12:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 12:30 . 2011-09-13 12:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 06:53 . 2011-11-21 22:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-09_03.21.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-28 23:05 . 2011-11-28 23:05 16384 c:\windows\Temp\Perflib_Perfdata_f4.dat
+ 2008-11-12 02:38 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
- 2008-11-12 02:38 . 2011-08-12 18:51 17272 c:\windows\system32\spmsg.dll
+ 2011-08-08 12:08 . 2011-08-08 12:08 40016 c:\windows\system32\drivers\avgmfx86.sys
+ 2011-07-11 07:14 . 2011-07-11 07:14 24272 c:\windows\system32\drivers\AVGIDSFilter.sys
+ 2011-07-11 07:14 . 2011-07-11 07:14 23120 c:\windows\system32\drivers\AVGIDSEH.sys
+ 2004-08-04 10:00 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe
- 2008-11-10 03:40 . 2010-08-04 05:47 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-10 03:40 . 2011-11-21 22:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-10 03:40 . 2011-11-21 22:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-10 03:40 . 2010-08-04 05:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-11-21 22:40 . 2011-11-21 22:40 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-11-21 22:40 . 2011-11-21 22:40 65536 c:\windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe
+ 2009-10-02 18:53 . 2011-05-25 00:14 222080 c:\windows\system32\MpSigStub.exe
+ 2011-07-11 07:14 . 2011-07-11 07:14 295248 c:\windows\system32\drivers\avgtdix.sys
+ 2011-07-11 07:14 . 2011-07-11 07:14 134608 c:\windows\system32\drivers\AVGIDSDriver.sys
+ 2008-11-12 02:09 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
- 2008-11-12 02:09 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\system32\dllcache\crypt32.dll
- 2011-09-03 10:17 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2011-11-21 22:40 . 2011-11-21 22:40 922624 c:\windows\Installer\b1cc2.msi
+ 2010-01-07 23:20 . 2011-11-09 23:15 9105088 c:\windows\system32\Restore\rstrlog.dat
+ 2011-11-23 04:44 . 2011-11-23 04:44 4671488 c:\windows\Installer\5228be.msi
+ 2011-11-23 04:43 . 2011-11-23 04:43 2186240 c:\windows\Installer\5228ba.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-09-30 5361272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2009-03-19 7308584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-11 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-19 113664]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxdecoms.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\lxdeamon.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\frun.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\lxdemon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdepswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdejswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdetime.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R2 Remote Solver for Flow Simulation 2009;Remote Solver for Flow Simulation 2009;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2/5/2009 5:12 PM 214312]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2010 4:04 PM 136176]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [11/11/2008 10:12 PM 99248]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [3/19/2009 11:31 AM 83240]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2010 4:04 PM 136176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/11/2008 9:05 PM 47360]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 22:03]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 22:03]
.
2011-11-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\awo9fnp4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63333
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-27930943.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-28 17:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3056)
c:\windows\system32\WININET.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp1.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\stsystra.exe
c:\windows\system32\lxdecoms.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-11-28 17:14:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-28 23:14
ComboFix2.txt 2011-11-09 03:36
.
Pre-Run: 250,968,694,784 bytes free
Post-Run: 251,279,855,616 bytes free
.
- - End Of File - - 4AB52B90A947CF7D18F5A675A1806EBD