
CPU captured!


  • This topic is locked
19 replies to this topic

#1 bolson2938

bolson2938

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest
  • Local time:07:45 AM

Posted 20 September 2010 - 01:34 PM

CPU at 100% all the time... already have run various removal programs in safe and standard mode


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:24:40 PM, on 9/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\NServiceEntry.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\emMON.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [emMON] emMON.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1270017111131
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - Unknown owner - C:\Program Files\AVG\AVG9\avgwdsvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\NServiceEntry.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: Motorola Helper (MotoHelper.exe) - Motorola - C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10081 bytes



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,594 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:45 PM

Posted 27 September 2010 - 08:15 AM

Hello,
and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 



#3 Elise


Posted 04 October 2010 - 05:09 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise




#4 Elise


Posted 04 October 2010 - 10:20 AM

Reopened as requested.

Please post me the requested logs.

regards, Elise




#5 bolson2938


Posted 04 October 2010 - 12:20 PM

THANKS!!!

File was too large to paste so they're attached.


CPU @ 100%
Cursor blinks
have to to slowly and wait for text
locks up
5-8 mins to boot


I have run Malwarebytes, SuperSpyware, Avast, MicroTrend in normal and safe mode plus several others


Thank you !!

Attached Files



#6 Elise


Posted 04 October 2010 - 02:34 PM

Hello again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise




#7 bolson2938


Posted 04 October 2010 - 06:17 PM

Thank you for your quick response!


ComboFix 10-10-03.03 - User 10/04/2010 17:14:45.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1440 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-02 21:15 . 2010-10-02 21:15 -------- dc----w- c:\program files\iPod
2010-10-02 21:15 . 2010-10-02 21:16 -------- dc----w- c:\program files\iTunes
2010-10-02 21:01 . 2010-10-02 21:01 73000 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-09-29 19:15 . 2010-09-29 19:15 -------- dc----w- c:\documents and settings\User\Application Data\MSNInstaller
2010-09-29 15:56 . 2010-09-29 15:56 -------- dc----w- c:\windows\system32\wbem\Repository
2010-09-29 15:55 . 2010-09-29 15:55 -------- dc----w- c:\program files\Broadcom
2010-09-29 04:13 . 2010-09-29 04:13 -------- dc----w- c:\documents and settings\Administrator.COMPUTER-D6103\Application Data\SUPERAntiSpyware.com
2010-09-29 04:07 . 2010-09-22 23:33 -------- dc----w- c:\documents and settings\Administrator.COMPUTER-D6103\Local Settings\Application Data\Apple Computer
2010-09-29 04:07 . 2010-09-29 15:54 -------- dc----w- c:\documents and settings\Administrator.COMPUTER-D6103\Local Settings\Application Data\Microsoft
2010-09-29 04:06 . 2010-09-29 15:55 -------- dcs---w- c:\documents and settings\Administrator.COMPUTER-D6103
2010-09-27 01:47 . 2010-09-27 01:47 0 -c--a-w- c:\windows\nsreg.dat
2010-09-27 01:46 . 2010-09-27 01:46 -------- dc----w- c:\documents and settings\User\Local Settings\Application Data\Mozilla
2010-09-26 15:32 . 2010-09-26 15:32 -------- dc----w- c:\documents and settings\Jordan\Application Data\WinPatrol
2010-09-25 05:36 . 2010-09-25 05:36 12536 -c--a-w- c:\windows\system32\avgrsstx.dll
2010-09-25 05:36 . 2010-09-25 05:36 243024 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-25 05:34 . 2010-09-25 05:35 216400 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-25 05:34 . 2010-09-25 05:34 29584 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-25 05:33 . 2010-09-30 16:49 -------- dc----w- c:\windows\system32\drivers\Avg
2010-09-25 03:11 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-09-25 03:08 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-09-25 03:08 . 2010-06-24 12:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-25 03:08 . 2010-06-24 12:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-25 03:08 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-25 03:08 . 2010-06-24 12:21 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-09-25 03:08 . 2010-06-24 22:51 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-09-25 03:08 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-25 03:01 . 2010-09-25 03:07 -------- dc-h--w- c:\windows\ie8
2010-09-25 00:12 . 2010-09-25 08:22 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-09-24 23:48 . 2010-09-24 23:48 -------- dc----w- c:\program files\Bonjour
2010-09-24 23:16 . 2008-04-14 07:00 18944 -c--a-w- c:\windows\system32\lprmon.dll
2010-09-24 23:16 . 2008-04-14 07:00 18944 -c--a-w- c:\windows\system32\dllcache\lprmon.dll
2010-09-24 23:16 . 2008-04-14 07:00 22528 -c--a-w- c:\windows\system32\lpdsvc.dll
2010-09-24 23:16 . 2008-04-14 07:00 22528 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll
2010-09-24 23:04 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-09-24 23:00 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-24 22:54 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-09-24 22:54 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-09-24 22:54 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-09-24 22:54 . 2010-04-27 13:05 2066816 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-09-24 22:06 . 2010-03-30 17:24 317440 -c----w- c:\windows\system32\dllcache\mp4sdecd.dll
2010-09-24 19:43 . 2006-09-15 23:49 139264 -c--a-w- c:\windows\system32\igfxres.dll
2010-09-24 19:01 . 2008-04-14 07:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-09-24 19:01 . 2008-04-14 07:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-09-24 19:01 . 2008-04-14 07:00 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2010-09-24 19:01 . 2008-04-14 07:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2010-09-24 19:01 . 2008-04-14 07:00 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2010-09-24 19:01 . 2008-04-14 07:00 364032 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2010-09-24 19:01 . 2008-04-14 07:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2010-09-24 19:01 . 2008-04-14 07:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2010-09-24 19:01 . 2008-04-14 07:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2010-09-24 19:01 . 2008-04-14 07:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-09-24 19:00 . 2008-04-14 07:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2010-09-24 19:00 . 2008-04-14 07:00 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2010-09-24 19:00 . 2008-04-14 07:00 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2010-09-24 19:00 . 2008-04-14 07:00 103424 -c--a-w- c:\windows\system32\dllcache\uihelper.dll
2010-09-24 19:00 . 2008-04-14 07:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2010-09-24 19:00 . 2008-04-14 07:00 33792 -c--a-w- c:\windows\system32\dllcache\tools.dll
2010-09-24 19:00 . 2008-04-14 07:00 10240 -c--a-w- c:\windows\system32\dllcache\tmigrate.dll
2010-09-24 19:00 . 2008-04-14 07:00 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe
2010-09-24 19:00 . 2008-04-14 07:00 44032 -c--a-w- c:\windows\system32\dllcache\tintlphr.exe
2010-09-24 19:00 . 2008-04-14 07:00 185344 -c--a-w- c:\windows\system32\dllcache\thawbrkr.dll
2010-09-24 19:00 . 2008-04-14 07:00 19464 -c--a-w- c:\windows\system32\dllcache\tdspx.sys
2010-09-24 19:00 . 2008-04-14 07:00 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys
2010-09-24 18:58 . 2008-04-14 07:00 29184 -c--a-w- c:\windows\system32\dllcache\sm8cw.dll
2010-09-24 18:57 . 2008-04-14 07:00 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys
2010-09-24 18:56 . 2008-04-14 07:00 44544 -c--a-w- c:\windows\system32\dllcache\nsepm.dll
2010-09-24 18:56 . 2008-04-14 07:00 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
2010-09-24 18:56 . 2008-04-14 07:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-09-24 18:56 . 2008-04-14 07:00 119808 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
2010-09-24 18:55 . 2008-04-14 07:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-09-24 18:55 . 2008-04-14 07:00 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2010-09-24 18:53 . 2008-04-14 07:00 5632 -c--a-w- c:\windows\system32\dllcache\kbdth1.dll
2010-09-24 18:52 . 2008-04-14 07:00 262200 -c--a-w- c:\windows\system32\dllcache\imjputy.exe
2010-09-24 18:51 . 2008-04-14 07:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2010-09-24 18:51 . 2008-04-14 07:00 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2010-09-24 18:49 . 2003-03-24 21:52 94208 -c--a-w- c:\windows\system32\dllcache\fpencode.dll
2010-09-24 18:48 . 2008-04-14 07:00 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
2010-09-24 18:47 . 2008-04-14 07:00 54528 -c--a-w- c:\windows\system32\dllcache\cap7146.sys
2010-09-24 18:47 . 2008-04-14 07:00 10752 -c--a-w- c:\windows\system32\dllcache\c_iscii.dll
2010-09-24 18:47 . 2008-04-14 07:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
2010-09-24 18:47 . 2008-04-14 07:00 218112 -c--a-w- c:\windows\system32\dllcache\c_g18030.dll
2010-09-24 18:45 . 2008-04-14 07:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2010-09-24 18:45 . 2003-03-24 21:52 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll
2010-09-24 18:45 . 2003-03-24 21:52 32827 -c--a-w- c:\windows\system32\dllcache\tcptest.exe
2010-09-24 18:45 . 2008-04-14 07:00 8192 -c--a-w- c:\windows\system32\dllcache\staxmem.dll
2010-09-24 18:45 . 2008-04-14 07:00 189440 -c--a-w- c:\windows\system32\dllcache\smtpadm.dll
2010-09-24 18:45 . 2003-03-24 21:52 16437 -c--a-w- c:\windows\system32\dllcache\shtml.exe
2010-09-24 18:45 . 2003-03-24 21:52 20536 -c--a-w- c:\windows\system32\dllcache\shtml.dll
2010-09-24 18:43 . 2008-04-14 07:00 43520 -c--a-w- c:\windows\system32\dllcache\admwprox.dll
2010-09-24 18:43 . 2003-03-24 21:52 16439 -c--a-w- c:\windows\system32\dllcache\admin.exe
2010-09-24 18:43 . 2003-03-24 21:52 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
2010-09-24 18:33 . 2008-04-14 07:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-09-24 18:31 . 2008-04-14 07:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2010-09-24 18:31 . 2008-04-14 07:00 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2010-09-24 18:31 . 2008-04-14 07:00 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2010-09-24 18:31 . 2008-04-14 07:00 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2010-09-24 17:46 . 2008-04-14 07:00 24661 -c--a-w- c:\windows\system32\spxcoins.dll
2010-09-24 17:46 . 2008-04-14 07:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-24 17:46 . 2008-04-14 07:00 13312 -c--a-w- c:\windows\system32\irclass.dll
2010-09-24 17:46 . 2008-04-14 07:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-24 15:37 . 2010-09-24 15:42 -------- dc----w- c:\program files\Magical Jelly Bean
2010-09-23 18:21 . 2010-09-23 18:21 -------- dc----w- c:\windows\system32\wbem\Repository.001
2010-09-23 16:34 . 2003-02-14 22:22 24576 -c--a-w- c:\windows\system32\xpsp1hfm.exe
2010-09-23 16:19 . 2008-04-14 05:16 19200 -c--a-w- c:\windows\system32\drivers\wstcodec.sys
2010-09-23 16:19 . 2008-04-14 05:16 17024 -c--a-w- c:\windows\system32\drivers\ccdecode.sys
2010-09-23 16:19 . 2008-04-14 05:09 5504 -c--a-w- c:\windows\system32\drivers\mstee.sys
2010-09-23 16:19 . 2008-04-14 05:16 85248 -c--a-w- c:\windows\system32\drivers\nabtsfec.sys
2010-09-23 16:13 . 2008-04-14 07:00 43520 -c--a-w- c:\windows\system32\racpldlg.dll
2010-09-23 16:12 . 2010-06-14 14:31 744448 -c--a-w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-23 16:07 . 2008-04-14 07:00 281088 -c--a-w- c:\windows\system32\dllcache\pinball.exe
2010-09-23 16:06 . 2008-04-14 07:00 62464 -c--a-w- c:\windows\system32\wbem\wmipjobj.dll
2010-09-23 16:05 . 2008-06-12 14:23 428032 -c--a-w- c:\windows\system32\msdtcprx.dll
2010-09-23 15:58 . 2008-04-14 05:15 52864 -c--a-w- c:\windows\system32\drivers\DMusic.sys
2010-09-23 15:58 . 2008-04-14 05:15 6272 -c--a-w- c:\windows\system32\drivers\splitter.sys
2010-09-23 15:57 . 2008-04-14 05:10 57600 -c--a-w- c:\windows\system32\drivers\redbook.sys
2010-09-23 15:53 . 2008-04-14 10:41 4096 -c--a-w- c:\windows\system32\ksuser.dll
2010-09-23 15:52 . 2008-04-14 10:43 40840 -c--a-w- c:\windows\system32\drivers\termdd.sys
2010-09-23 15:51 . 2008-04-14 05:02 196224 -c--a-w- c:\windows\system32\drivers\rdpdr.sys
2010-09-23 15:45 . 2008-04-14 07:00 741376 -c--a-w- c:\windows\system32\dllcache\sapi.dll
2010-09-23 15:45 . 2008-04-14 07:00 22016 -c--a-w- c:\windows\system32\dllcache\agt0408.dll
2010-09-23 15:45 . 2008-04-14 07:00 19968 -c--a-w- c:\windows\system32\dllcache\agt040e.dll
2010-09-23 15:45 . 2008-04-14 07:00 19456 -c--a-w- c:\windows\system32\dllcache\agt041f.dll
2010-09-23 15:45 . 2008-04-14 07:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0419.dll
2010-09-23 15:45 . 2008-04-14 07:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0415.dll
2010-09-23 15:45 . 2008-04-14 07:00 19456 -c--a-w- c:\windows\system32\dllcache\agt0405.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 21:24 . 2010-04-09 02:41 -------- dc----w- c:\program files\Motorola Media Link
2010-10-02 21:21 . 2010-06-29 16:49 591456 -c--a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-10-02 21:15 . 2010-04-02 18:57 -------- dc----w- c:\program files\Common Files\Apple
2010-10-01 16:59 . 2010-03-31 07:11 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-09-30 16:45 . 2010-05-14 17:17 -------- dc----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-30 16:42 . 2010-04-04 18:13 -------- dc----w- c:\program files\CCleaner
2010-09-26 17:16 . 2010-04-26 22:58 1324 -c--a-w- c:\windows\system32\d3d9caps.dat
2010-09-25 00:11 . 2010-04-02 19:01 46440 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-24 18:25 . 2010-03-31 06:57 23388 -c--a-w- c:\windows\system32\emptyregdb.dat
2010-09-21 18:52 . 2010-06-07 20:41 -------- dc----w- c:\documents and settings\User\Application Data\Skype
2010-09-21 01:17 . 2010-04-03 23:16 40992 -c--a-w- c:\documents and settings\Jordan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-20 13:28 . 2010-06-10 15:49 -------- dc----w- c:\documents and settings\User\Application Data\skypePM
2010-09-20 03:43 . 2010-04-04 19:49 -------- dc----w- c:\program files\Lavasoft
2010-09-19 17:04 . 2010-04-17 00:34 40992 -c--a-w- c:\documents and settings\Taylor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-19 01:21 . 2010-08-10 21:37 40992 -c--a-w- c:\documents and settings\Jessie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-17 17:36 . 2010-06-07 20:40 -------- dc----r- c:\program files\Skype
2010-09-17 17:34 . 2010-04-04 19:50 -------- dc----w- c:\program files\Google
2010-09-17 17:31 . 2010-04-04 15:34 -------- dc----w- c:\program files\Research In Motion
2010-09-17 17:31 . 2010-04-04 15:34 -------- dc----w- c:\program files\Common Files\Research In Motion
2010-09-17 17:31 . 2010-04-04 15:35 -------- dc----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-09-17 14:53 . 2010-06-25 22:40 -------- dc----w- c:\program files\Microsoft Silverlight
2010-09-04 16:03 . 2010-09-04 16:03 503808 -c--a-w- c:\documents and settings\Jessie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1274845c-n\msvcp71.dll
2010-09-04 16:03 . 2010-09-04 16:03 499712 -c--a-w- c:\documents and settings\Jessie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1274845c-n\jmc.dll
2010-09-04 16:03 . 2010-09-04 16:03 348160 -c--a-w- c:\documents and settings\Jessie\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1274845c-n\msvcr71.dll
2010-09-04 16:03 . 2010-09-04 16:03 61440 -c--a-w- c:\documents and settings\Jessie\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-527f39a5-n\decora-sse.dll
2010-09-04 16:03 . 2010-09-04 16:03 12800 -c--a-w- c:\documents and settings\Jessie\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-527f39a5-n\decora-d3d.dll
2010-09-04 15:22 . 2010-09-04 15:22 503808 -c--a-w- c:\documents and settings\Taylor\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3448698c-n\msvcp71.dll
2010-09-04 15:22 . 2010-09-04 15:22 499712 -c--a-w- c:\documents and settings\Taylor\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3448698c-n\jmc.dll
2010-09-04 15:22 . 2010-09-04 15:22 348160 -c--a-w- c:\documents and settings\Taylor\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3448698c-n\msvcr71.dll
2010-09-04 15:22 . 2010-09-04 15:22 61440 -c--a-w- c:\documents and settings\Taylor\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5382d9fe-n\decora-sse.dll
2010-09-04 15:22 . 2010-09-04 15:22 12800 -c--a-w- c:\documents and settings\Taylor\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5382d9fe-n\decora-d3d.dll
2010-09-04 13:25 . 2010-09-04 13:25 -------- dc----w- c:\documents and settings\Jessie\Application Data\Office Genuine Advantage
2010-08-31 19:41 . 2010-06-02 18:52 -------- dc----w- c:\documents and settings\User\Application Data\HpUpdate
2010-08-31 17:07 . 2010-08-31 17:07 9479680 -c--a-w- c:\windows\system32\Mototools_Software_Update_3.3.0_PROD.msi
2010-08-31 16:30 . 2010-04-09 02:13 -------- dc----w- c:\program files\Common Files\Motorola Shared
2010-08-31 16:29 . 2010-08-31 16:29 6036128 -c--a-w- c:\documents and settings\All Users\Application Data\motorola\motorola device Driver\Update\Download\Motorola Device Driver\4.07.1.0\setup\Motorola_Driver_Installation4_7_1.exe
2010-08-31 16:29 . 2010-08-31 16:28 37299713 -c--a-w- c:\documents and settings\All Users\Application Data\motorola\motorola media link\UpDate\Download\Motorola Media Link\1.02.1400.0\patch\patch.exe
2010-08-31 16:29 . 2010-04-09 02:48 -------- dc----w- c:\documents and settings\All Users\Application Data\motorola
2010-08-23 03:07 . 2010-08-23 03:07 -------- dc----w- c:\program files\Common Files\Java
2010-08-23 03:05 . 2010-04-05 18:21 -------- dc----w- c:\program files\Java
2010-08-17 13:17 . 2008-04-14 07:00 58880 -c--a-w- c:\windows\system32\spoolsv.exe
2010-08-10 22:00 . 2010-08-10 22:00 -------- dc----w- c:\documents and settings\Jessie\Application Data\Research In Motion
2010-08-10 21:41 . 2010-08-10 21:41 503808 -c--a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2893ee63-n\msvcp71.dll
2010-08-10 21:41 . 2010-08-10 21:41 499712 -c--a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2893ee63-n\jmc.dll
2010-08-10 21:41 . 2010-08-10 21:41 348160 -c--a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2893ee63-n\msvcr71.dll
2010-08-10 21:41 . 2010-08-10 21:41 61440 -c--a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6926f290-n\decora-sse.dll
2010-08-10 21:41 . 2010-08-10 21:41 12800 -c--a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6926f290-n\decora-d3d.dll
2010-08-10 21:37 . 2010-08-10 21:37 129 -c--a-w- c:\documents and settings\Jessie\Local Settings\Application Data\fusioncache.dat
2010-08-10 03:31 . 2010-06-02 00:16 -------- dc----w- c:\program files\Defraggler
2010-08-10 02:19 . 2010-05-16 15:59 -------- dc----w- c:\program files\PokerStars.NET
2010-08-05 17:48 . 2010-08-05 17:48 503808 -c--a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-763f1a75-n\msvcp71.dll
2010-08-05 17:48 . 2010-08-05 17:48 61440 -c--a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3f85bf1e-n\decora-sse.dll
2010-08-05 17:48 . 2010-08-05 17:48 499712 -c--a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-763f1a75-n\jmc.dll
2010-08-05 17:48 . 2010-08-05 17:48 348160 -c--a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-763f1a75-n\msvcr71.dll
2010-08-05 17:48 . 2010-08-05 17:48 12800 -c--a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-3f85bf1e-n\decora-d3d.dll
2010-08-03 13:24 . 2010-08-03 13:24 664 -c--a-w- c:\documents and settings\Taylor\Local Settings\Application Data\d3d9caps.tmp
2010-07-27 23:44 . 2010-07-27 23:44 91424 -c--a-w- c:\windows\system32\dnssd.dll
2010-07-27 23:44 . 2010-07-27 23:44 107808 -c--a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:49 . 2008-04-14 07:00 590848 -c--a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2010-03-31 07:37 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 10:00 . 2010-05-10 21:35 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-07-08 16:09 . 2010-07-08 16:09 8455168 -c--a-w- c:\windows\system32\Mototools_Software_Update_3.0.5.msi
2009-08-13 16:14 . 2009-08-13 16:14 472064 -c--a-w- c:\program files\RootRepeal.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-19 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\e:\0autocheck autochk *\0aswBoot.exe /A:C: /L:1033 /heur:80 /pup /archives /IA:0 /KBD:2 /dir:C:\Program

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-09-25 05:21 2065760 -c--a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-04-04 22:32 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg9wd"=2 (0x2)
"AVG Security Toolbar Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Motorola Media Link\\MML.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/25/2010 12:34 AM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/25/2010 12:36 AM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\NServiceEntry.exe [5/26/2010 10:40 PM 87336]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [3/31/2010 2:14 AM 87936]
S0 cerc6;cerc6; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/4/2010 2:50 PM 135664]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [4/8/2010 9:17 PM 25856]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [5/18/2010 3:57 PM 6016]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/22/2010 10:49 AM 38224]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\30.tmp --> c:\windows\system32\30.tmp [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [4/8/2010 9:17 PM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [4/8/2010 9:17 PM 42752]
S3 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [6/24/2010 2:34 PM 91456]
S3 MotoHelper.exe;Motorola Helper;c:\program files\Motorola\Moto Helper Service\MotoHelper.exe [4/21/2010 5:41 AM 6656]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [5/18/2010 3:57 PM 23424]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys --> c:\windows\system32\DRIVERS\motport.sys [?]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]
S4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/25/2010 12:15 AM 308136]
S4 QOGGUX;QOGGUX;c:\docume~1\User\LOCALS~1\Temp\QOGGUX.exe --> c:\docume~1\User\LOCALS~1\Temp\QOGGUX.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NORMANDY
*Deregistered* - Normandy
.
Contents of the 'Scheduled Tasks' folder

2010-10-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-10-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-04 22:32]

2010-10-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\30.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'winlogon.exe'(3356)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(3300)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'explorer.exe'(1868)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-04 18:06:24
ComboFix-quarantined-files.txt 2010-10-04 23:06
ComboFix2.txt 2010-09-24 03:28
ComboFix3.txt 2010-09-22 00:58

Pre-Run: 26,458,480,640 bytes free
Post-Run: 26,732,584,960 bytes free

- - End Of File - - 79EC1379EF3BD4EAFCDDB6ACDB0269A2


#8 Elise

Posted 05 October 2010 - 04:48 AM

Nothing obvious there. How are things running now?

What Motorola device are you using?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#9 bolson2938

Posted 05 October 2010 - 07:52 AM

Things are running about the same...

The Motorola device is a Droid

#10 Elise

Posted 05 October 2010 - 11:22 AM

Hi again,

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

regards, Elise


#11 Elise

Posted 10 October 2010 - 05:18 AM

Hi, are you still there?

regards, Elise


#12 bolson2938

Posted 10 October 2010 - 07:29 PM

sorry....out of town....


FYI.....it appears that all my problems are when I'm using the internet..........type at top of page......."bleeping computer.com Replying etc" fades in and out almost flashes...


here is the MBR log

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 124):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 PCIIde.sys
0xBA328000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xBA5AC000 intelide.sys
0xB9F4A000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F13000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EF3000 fltMgr.sys
0xB9EE1000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9ECA000 KSecDD.sys
0xB9EB7000 WudfPf.sys
0xB9E2A000 Ntfs.sys
0xB9DFD000 NDIS.sys
0xB9DE3000 Mup.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA58C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB9617000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xB9603000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB95D9000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA380000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9594000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA388000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB957E000 \SystemRoot\system32\DRIVERS\gtipci21.sys
0xBA590000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0xB90B8000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xB9075000 \SystemRoot\system32\drivers\STAC97.sys
0xB9051000 \SystemRoot\system32\drivers\portcls.sys
0xBA258000 \SystemRoot\system32\drivers\drmk.sys
0xB902E000 \SystemRoot\system32\drivers\ks.sys
0xB8FFB000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xB8EFE000 \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
0xB8E51000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA498000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA268000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA278000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA5A4000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8E3D000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA288000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA298000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB98B5000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA358000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA5D8000 \SystemRoot\system32\DRIVERS\serscan.sys
0xBA792000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB98A5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9DAA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8E26000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB9895000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB9885000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA360000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8E15000 \SystemRoot\system32\DRIVERS\psched.sys
0xB9875000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA368000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA370000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8DD1000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB9865000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5DC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8D5D000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D8A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA2C8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA138000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5FE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA60E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6FD000 \SystemRoot\System32\Drivers\Null.SYS
0xBA610000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA430000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA438000 \SystemRoot\System32\drivers\vga.sys
0xBA612000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA614000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA440000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA448000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8B55000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA7E6A000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA7E11000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA7DE9000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA7DC7000 \SystemRoot\System32\drivers\afd.sys
0xA84CC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA7DA5000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xBA450000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA7D2A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA7C92000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA84AC000 \SystemRoot\System32\Drivers\Fips.SYS
0xA7C6C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA848C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA208000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA66A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA5A0000 \SystemRoot\System32\drivers\Dxapi.sys
0xA7D5D000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7F9000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF021000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF043000 \SystemRoot\System32\ialmdev5.DLL
0xBF07E000 \SystemRoot\System32\ialmdd5.DLL
0xBA398000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA7AAF000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA2A78000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA27E7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA66E000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA2858000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA26F0000 \SystemRoot\system32\DRIVERS\srv.sys
0xA263B000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8298000 \SystemRoot\system32\drivers\sysaudio.sys
0xA175C000 \SystemRoot\System32\Drivers\HTTP.sys
0xA1511000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xA14E6000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 47):
0 System Idle Process
4 System
760 C:\WINDOWS\system32\smss.exe
816 csrss.exe
848 C:\WINDOWS\system32\winlogon.exe
892 C:\WINDOWS\system32\services.exe
904 C:\WINDOWS\system32\lsass.exe
1084 svchost.exe
1256 C:\WINDOWS\system32\svchost.exe
1300 C:\WINDOWS\system32\svchost.exe
1408 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1444 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1496 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
1588 svchost.exe
1744 svchost.exe
232 C:\WINDOWS\system32\spoolsv.exe
292 scardsvr.exe
456 svchost.exe
512 C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
540 C:\Program Files\Bonjour\mDNSResponder.exe
572 C:\Program Files\Motorola Media Link\NServiceEntry.exe
600 PresentationFontCache.exe
1484 C:\Program Files\Java\jre6\bin\jqs.exe
1648 C:\WINDOWS\system32\HPZipm12.exe
1712 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
1796 C:\Program Files\Google\Update\GoogleUpdate.exe
792 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
1632 C:\WINDOWS\explorer.exe
2408 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2428 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
2452 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
2480 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
2512 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
2692 C:\WINDOWS\system32\ctfmon.exe
3412 C:\PROGRA~1\Yahoo!\Messenger\Ymsgr_tray.exe
3448 C:\WINDOWS\system32\svchost.exe
3752 C:\WINDOWS\system32\wscntfy.exe
3760 alg.exe
3300 C:\WINDOWS\system32\svchost.exe
2120 C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
2304 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
2256 C:\WINDOWS\system32\mmc.exe
404 C:\WINDOWS\system32\msiexec.exe
968 locator.exe
3968 C:\Program Files\Internet Explorer\iexplore.exe
728 C:\Program Files\Internet Explorer\iexplore.exe
144 C:\Documents and Settings\User\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2060AH, Rev: 000000A0

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#13 Elise

Posted 11 October 2010 - 03:48 AM

Sorry, I don't understand what you are saying here:
QUOTE
FYI.....it appears that all my problems are when I'm using the internet..........type at top of page......."bleeping computer.com Replying etc" fades in and out almost flashes...
You mean text in the address bar of your browser fades/flashes?

regards, Elise


#14 bolson2938

Posted 11 October 2010 - 09:39 AM

No.......on the blue windows bar above the browser....sometimes as the whole page will fade, similar to adjusting brightness/contrast. It doesn't happen every time and ONLY happens when I have a web page pulled up....doesn't happen if running basic MS programs.

I also have to wait for txt to appear when typing....there is a delay.....right now it's a cpl tenths lag/delay other times it's a second or two.

I have tried reinstalling IE, downloaded Firefox, neither helped solve the problem.

Since I'm running off a wireless router, I have tested for problems, none found.....although I will be getting a refund from Mediacom as I pay for 12meg and am getting 3meg!!

I did notice a cpl "local service" entries that I haven't seen before......nothing came up good or bad when searching

On the upside, after running ComboFix the unit is loading faster and the CPU isn't stuck on 100%......only when I am working from the browser

QOGGUX No description, No dependencies etc....I disabled it


#15 bolson2938

Posted 11 October 2010 - 09:43 AM

Also wanted to THANK YOU for helping me and others on this site...!!



