Need help with startup on laptop


This topic is locked
13 replies to this topic

#1 live2bfit

Posted 28 April 2011 - 11:10 PM

My laptop hangs up when I reboot it. It acts like it is done loading, but the hourglass is still there any time I put the cursor on the bar at the bottom. I cannot click anything, and CTRL-ALT-DEL does not work to see what is running. I have AVG, Malwarebytes, and Super Anti Spyware all installed and have run them with no issues found. I suspect registry issues. I have run HiJackThis and have the log if someone can take a look.
I am using Windows XP Home Edition and typically use Chrome.


Please advise.

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Then post your DDS and GMER logs as a reply to this topic. Once you have done that I will remove my reply and consolidate the posts so that you retain your correct place in the queue.

If you can produce at least some of the logs, then please explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.


I was able to run both scans but am now in safe mode to send you this. The system just hangs up and never gets to where I can actually use it. My Malwarebytes cannot update and the scheduler keeps getting kicked off so it never runs.

I appreciate any help you can provide. My DDS and GMER logs are below and the attach file is attached.

Let me know if you need anything else.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 21:46:05.12 on Sat 04/30/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
.
============== Running Processes ===============
.
\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\System32\alg.exe
\??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe
\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgscanx.exe
\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\hp\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe
C:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exe
C:\Program Files\hp\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Palm\Hotsync.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\hp\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\hp\Digital Imaging\bin\hposol08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr
c:\program files\real\realplayer\RealPlay.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=CX2619
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultUrl = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm047YYUS&ptb=ekT66oRACrq2a6aISrsdhQ&psa=&ind=2010071015&ptnrS=ZJxdm047YYUS&si=&st=sb&n=77cf3fe7&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/eol_pre_falcon.asp?src=RegWiz&affid=370&langid=1&cid=54002
uInternet Settings,ProxyOverride = 127.0.0.1
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 7\bin\PlusIEContextMenu.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] -scheduler
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10n_ActiveX.exe -update activex
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Snippet] "c:\program files\microsoft experience pack\snipping tool\SnippingTool.exe" /i
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hp\hp share-to-web\hpgs2wnd.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [PDFHook] c:\program files\nuance\pdf professional 7\pdfpro7hook.exe
mRun: [PDF7 Registry Controller] c:\program files\nuance\pdf professional 7\RegistryController.exe
mRun: [Nuance PDF Converter Professional 7-reminder] "c:\program files\nuance\pdf professional 7\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf converter professional 7\ereg\Ereg.ini"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
dRun: [Power2GoExpress] NA
IE: &Search
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 7.0 - c:\program files\nuance\pdf professional 7\cnvres_eng.dll /100
IE: Open with PDF Professional 7 - c:\program files\nuance\pdf professional 7\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: mlxchange.com
Trusted Zone: safemls.net
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: Web-Based Email Tools - hxxp://email02.secureserver.net/Download.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - hxxps://www.topproduceronline.com/downloads/msjavx86.exe
DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - hxxp://mfr.mlxchange.com/5.1.01.9919/Control/FileCruiser.cab
DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - hxxp://mfr.mlxchange.com/5.1.01.9919/Control/Specfile.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://mfr.mlxchange.com/5.1.01.9919/Control/MLSClientUtils.cab
DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - hxxp://mfr.mlxchange.com/5.1.01.9919/Control/LiteGrid.cab
DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} - hxxp://mfr.mlxchange.com/5.1.01.9919/Control/IRCWebPrint.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.clearcapital.com/imageUpload/ImageUploader6.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://mfr.mlxchange.com/5.1.01.9919/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www2.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} - hxxp://mfr.mlxchange.com/5.1.01.9919/Control/WebDog.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - hxxp://mfr.mlxchange.com/5.1.01.9919/Control/AspCustomCtrls.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\yj582qo7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\docume~1\owner\applic~1\powerc~1\nppowerloader.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nuance\pdf professional 7\bin\nppdf.dll
FF - plugin: c:\program files\nuance\pdf professional 7\bin\nppdf.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R? Andbus;LGE Android Composite USB Device
R? AndDiag;LGE Android USB Serial Port
R? AndGps;LGE Android USB GPS NMEA Port
R? ANDModem;LGE Android USB Modem
R? androidusb;ADB Interface Driver
R? AVG Security Toolbar Service;AVG Security Toolbar Service
R? el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver
R? pnetmdm;PdaNet Modem
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? FinePnt;FinePoint Innovations HID Driver
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? MSSQL$ACT7;SQL Server (ACT7)
S? MSTabBtn;Tablet PC Buttons HID Driver
S? pneteth;PdaNet Broadband
S? SASDIFSV;SASDIFSV
S? SASENUM;SASENUM
S? SASKUTIL;SASKUTIL
.
=============== Created Last 30 ================
.
2011-05-01 01:29:53 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-05-01 00:57:44 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-05-01 00:57:36 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-05-01 00:55:57 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-05-01 00:55:52 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-05-01 00:55:48 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-05-01 00:55:45 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-05-01 00:55:40 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-05-01 00:55:39 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2011-05-01 00:55:14 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-05-01 00:55:10 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-05-01 00:55:07 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-05-01 00:55:03 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-05-01 00:54:58 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-05-01 00:54:46 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-05-01 00:54:42 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2011-05-01 00:54:40 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-05-01 00:54:33 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2011-05-01 00:54:30 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-05-01 00:54:26 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2011-05-01 00:54:24 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-05-01 00:54:14 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2011-05-01 00:54:10 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2011-05-01 00:54:04 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2011-05-01 00:54:00 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2011-05-01 00:53:55 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2011-05-01 00:53:51 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2011-05-01 00:53:38 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2011-05-01 00:53:33 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2011-05-01 00:53:30 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2011-05-01 00:53:26 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2011-05-01 00:53:22 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2011-05-01 00:53:18 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2011-05-01 00:53:14 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2011-05-01 00:53:10 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2011-05-01 00:53:07 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2011-05-01 00:53:03 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
2011-05-01 00:51:54 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-05-01 00:51:47 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2011-05-01 00:51:42 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-05-01 00:51:40 14848 -c--a-w- c:\windows\system32\dllcache\register.exe
2011-05-01 00:51:12 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-05-01 00:50:57 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-05-01 00:50:53 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-05-01 00:50:47 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2011-05-01 00:50:42 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-05-01 00:50:41 16384 -c--a-w- c:\windows\system32\dllcache\quser.exe
2011-05-01 00:50:40 9728 -c--a-w- c:\windows\system32\dllcache\query.exe
2011-05-01 00:50:25 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2011-05-01 00:50:17 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2011-05-01 00:50:13 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2011-05-01 00:50:10 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
2011-05-01 00:50:09 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2011-05-01 00:50:05 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2011-05-01 00:48:56 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
2011-05-01 00:48:52 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
2011-05-01 00:48:47 20992 -c--a-w- c:\windows\system32\dllcache\permchk.dll
2011-05-01 00:48:40 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2011-05-01 00:48:38 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2011-05-01 00:48:36 211584 -c--a-w- c:\windows\system32\dllcache\perm2dll.dll
2011-05-01 00:48:34 27904 -c--a-w- c:\windows\system32\dllcache\perm2.sys
2011-05-01 00:48:19 169984 -c--a-w- c:\windows\system32\dllcache\pcx500.sys
2011-05-01 00:48:15 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
2011-05-01 00:48:10 35328 -c--a-w- c:\windows\system32\dllcache\pcntpci5.sys
2011-05-01 00:48:07 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2011-05-01 00:48:03 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2011-05-01 00:46:59 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2011-05-01 00:46:55 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2011-05-01 00:46:51 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-05-01 00:46:47 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2011-05-01 00:46:43 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-05-01 00:46:38 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2011-05-01 00:46:34 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-05-01 00:46:28 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-05-01 00:46:00 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-05-01 00:45:51 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2011-05-01 00:45:34 2027008 -c--a-w- c:\windows\system32\dllcache\OLD4BB.tmp
2011-05-01 00:45:26 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-05-01 00:45:25 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-05-01 00:45:12 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-05-01 00:45:04 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-05-01 00:44:57 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-05-01 00:44:29 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-05-01 00:44:25 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-05-01 00:44:08 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-05-01 00:44:07 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
2011-05-01 00:44:00 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-05-01 00:43:45 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2011-05-01 00:43:36 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2011-05-01 00:43:33 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2011-05-01 00:43:29 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2011-05-01 00:43:26 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2011-05-01 00:43:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2011-05-01 00:43:12 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2011-05-01 00:43:09 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2011-05-01 00:43:06 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2011-05-01 00:43:02 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2011-05-01 00:42:59 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2011-05-01 00:42:55 35392 -c--a-w- c:\windows\system32\dllcache\n9i128.dll
2011-05-01 00:42:52 128000 -c--a-w- c:\windows\system32\dllcache\n100325.sys
2011-05-01 00:42:48 52255 -c--a-w- c:\windows\system32\dllcache\n1000nt5.sys
2011-05-01 00:42:44 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2011-05-01 00:42:40 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2011-05-01 00:42:37 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2011-05-01 00:42:33 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2011-05-01 00:42:29 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2011-05-01 00:42:28 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2011-05-01 00:42:15 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-05-01 00:41:27 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-05-01 00:41:26 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-05-01 00:41:13 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-05-01 00:40:51 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-05-01 00:40:46 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-05-01 00:40:44 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-05-01 00:40:19 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-05-01 00:40:15 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-05-01 00:40:13 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-05-01 00:38:50 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-05-01 00:38:44 34304 -c--a-w- c:\windows\system32\dllcache\migisol.exe
2011-05-01 00:38:38 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2011-05-01 00:38:34 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2011-05-01 00:38:33 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2011-05-01 00:38:32 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
2011-05-01 00:38:29 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2011-05-01 00:38:25 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2011-05-01 00:38:21 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2011-05-01 00:38:18 26624 -c--a-w- c:\windows\system32\dllcache\mdsync.dll
2011-05-01 00:38:12 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2011-05-01 00:38:00 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2011-05-01 00:36:43 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-05-01 00:36:35 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2011-05-01 00:36:31 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2011-05-01 00:36:25 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2011-05-01 00:36:22 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-05-01 00:36:18 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-05-01 00:36:14 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2011-05-01 00:36:06 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2011-05-01 00:36:05 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-05-01 00:36:01 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-05-01 00:36:00 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-05-01 00:34:59 5632 -c--a-w- c:\windows\system32\dllcache\kbdheb.dll
2011-05-01 00:33:57 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2011-04-30 23:14:12 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-30 23:14:12 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-30 19:59:56 -------- d-----w- c:\windows\Repair
2011-04-30 19:56:42 -------- d-----w- c:\program files\Runtime Software
2011-04-27 22:59:04 -------- d-----w- C:\c316f5b6f48b715b1edd3963
2011-04-23 02:14:58 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-23 02:13:44 -------- d-----w- c:\program files\Trend Micro
2011-04-21 02:51:12 -------- d-----w- c:\docume~1\owner\applic~1\Uniblue
2011-04-21 02:50:07 -------- dc----w- c:\docume~1\alluse~1\applic~1\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-04-21 02:50:02 -------- d-----w- c:\program files\Uniblue
2011-04-17 04:57:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\SQL Anywhere 11
2011-04-17 03:35:43 -------- d-----w- c:\windows\Intuit
2011-04-09 00:53:56 -------- d-----w- C:\Trend Micro Cleanup
.
==================== Find3M ====================
.
2011-04-30 23:36:37 2462 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 23:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 21:53:51.43 ===============


GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-04-30 23:30:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HTS54108 rev.MB4O
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA6DB76C0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x9F2AB320]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA6DB7810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA6DB78B0]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6BB83BF]
? C:\WINDOWS\system32\Drivers\PAGEDFRG.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED1A
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED8B
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEB9
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5544] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 156280323
Disk \Device\Harddisk0\DR0 PE file @ sector 156280345

---- Files - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

EDIT: Posts merged ~Budapest

Can someone help me with this? Thank you!

EDIT: Please be patient. There are over 330 unanswered topics in this forum at present and the current average wait time to receive help is 7 days. ~Budapest

Attached Files


Edited by Budapest, 03 May 2011 - 04:37 PM.




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,929 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:03:18 PM

Posted 08 May 2011 - 04:14 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 live2bfit
  • Topic Starter
  • Members
  • 10 posts

Posted 12 May 2011 - 09:47 PM

Elise - my problem has not changed from the original post. I posted my DDS log and GMER log as requested above. Please advise.

#4 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 60,929 posts
  • Gender:Female
  • Location:Romania

Posted 13 May 2011 - 02:35 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


#5 live2bfit
  • Topic Starter
  • Members
  • 10 posts

Posted 19 May 2011 - 02:56 PM

Elise - I cannot install Combofix with AVG installed. I try to uninstall it and it gives me an internal error. Can you help me without installing Combofix? I noticed the following in one of my logs:

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 156280323

Anything I can do to fix it? This laptop is pretty useless until this problem is fixed. What else can I do?

Thank you.
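As an added illustration (it is not part of this thread, nor code from ComboFix, GMER or any other tool mentioned here), the following Python script shows how a helper could triage the kind of scan-log lines this thread deals with from the defender's side: it flags an MBR rootkit marker like the one quoted above, a protection product reported as outdated or disabled, a missing Recovery Console, Run entries whose target file is gone (ComboFix marks those `[X]`), and Security Center override values that silence Windows' own "no antivirus" alerts. The sample lines are constructed for this example and modelled on the kinds of entries that appear in this thread's logs; the product names and GUIDs in them are placeholders, and the rule names and severities are my own choices.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input for this example: lines modelled on the kinds of
# entries that appear in the scan logs in this thread (an MBR rootkit marker,
# ComboFix's AV/FW state lines, its Run-key listing and Security Center keys).
# Product names and GUIDs are placeholders, not real values.
SAMPLE_LOG = r"""Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 156280323
AV: Example VirusScan *Enabled/Outdated* {PLACEHOLDER-GUID}
FW: Example Firewall *Enabled* {PLACEHOLDER-GUID}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="-scheduler" [X]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ExampleAntiVirus]
"DisableMonitoring"=dword:00000001
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low" (my own scale)
    rule: str      # short rule id
    detail: str    # what was matched
    line_no: int   # 1-based line in the log


# Patterns for the line shapes handled here.
MBR_RE = re.compile(r"^Disk (\S+) malicious (\S+) code @ sector (\d+)")
AV_STATE_RE = re.compile(r"^(AV|FW): (.+?) \*([^*]+)\*")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')
RUN_MISSING_RE = re.compile(r'^"([^"]+)"=".*" \[X\]$')
# Values under the Security Center key that stop Windows from alerting about
# missing or outdated protection. Legitimate AV suites set them too, so they
# are a review item rather than a verdict.
SC_SUPPRESS_VALUES = ("AntiVirusOverride", "FirewallOverride", "DisableMonitoring")


def triage(log_text: str) -> list[Finding]:
    """Walk a ComboFix/GMER-style log and return the lines worth a closer look."""
    findings: list[Finding] = []
    current_key = ""  # lower-cased registry key the following values belong to
    for n, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = MBR_RE.match(line)
        if m:  # code injected into the boot sector: a bootkit, highest priority
            findings.append(Finding("high", "mbr-infection",
                                    f"{m.group(2)} on {m.group(1)} at sector {m.group(3)}", n))
            continue
        m = AV_STATE_RE.match(line)
        if m and any(w in m.group(3).lower() for w in ("outdated", "disabled")):
            findings.append(Finding("medium", "protection-state",
                                    f"{m.group(2)} is {m.group(3)}", n))
            continue
        if "DOES NOT HAVE THE RECOVERY CONSOLE" in line:
            findings.append(Finding("low", "no-recovery-console", line, n))
            continue
        m = RUN_MISSING_RE.match(line)
        if m and current_key.endswith("\\run"):  # autorun pointing at a deleted file
            findings.append(Finding("low", "orphaned-autorun",
                                    f"{m.group(1)} points at a missing file", n))
            continue
        m = REG_VALUE_RE.match(line)
        if m and "security center" in current_key:
            name, value = m.group(1), m.group(2)
            if name in SC_SUPPRESS_VALUES and value == "dword:00000001":
                findings.append(Finding("medium", "security-center-suppressed",
                                        f"{name}=1 under {current_key}", n))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a log can be ranked at a glance."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] line {f.line_no:3}  {f.rule}: {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

To use it on a real log, read the saved `C:\ComboFix.txt` into a string and pass it to `triage()`. The rules only recognise the line shapes listed above; anything else in the log passes through silently, so a clean result from this script says nothing about entries it does not parse.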

#6 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 60,929 posts
  • Gender:Female
  • Location:Romania

Posted 19 May 2011 - 03:20 PM

No, you'll need to uninstall AVG first. Try to do it with AVG Remover.

regards, Elise


#7 live2bfit
  • Topic Starter
  • Members
  • 10 posts

Posted 19 May 2011 - 04:35 PM

OK, I will try that. Am traveling the next few days, so will try to get to it ASAP.

#8 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 60,929 posts
  • Gender:Female
  • Location:Romania

Posted 20 May 2011 - 04:31 AM

Thank you for letting me know. I'll wait for the log.

regards, Elise


#9 live2bfit
  • Topic Starter
  • Members
  • 10 posts

Posted 23 May 2011 - 10:05 PM

Here is the log. Please let me know if you can help.

ComboFix 11-05-23.02 - Owner 05/23/2011 22:07:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.204 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan *Enabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\g2mdlhlpx.exe
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\bszip.dll
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-04-24 to 2011-05-24 )))))))))))))))))))))))))))))))
.
.
2011-05-20 10:50 . 2011-05-20 10:50 -------- d-----w- c:\documents and settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-05-19 13:16 . 2011-05-19 13:16 -------- d-----w- c:\documents and settings\Owner\Application Data\CyberLink
2011-05-11 23:30 . 2011-05-11 23:59 -------- d-----w- C:\f62a1fa85678edf013029042cc2f03
2011-05-01 01:29 . 2011-05-01 01:29 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-05-01 01:10 . 2008-04-13 23:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-05-01 01:10 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-05-01 01:10 . 2008-04-13 23:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-05-01 01:10 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-05-01 01:10 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-05-01 01:08 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-05-01 01:08 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-05-01 01:08 . 2004-08-04 02:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-05-01 01:08 . 2008-04-13 17:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-05-01 01:08 . 2004-08-04 02:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-05-01 01:08 . 2008-04-13 23:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-05-01 01:07 . 2008-04-13 17:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-05-01 01:07 . 2004-08-04 02:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-05-01 01:07 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-05-01 01:05 . 2004-08-04 02:29 11775 -c--a-w- c:\windows\system32\dllcache\wadv05nt.sys
2011-05-01 01:04 . 2001-08-17 17:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2011-05-01 01:04 . 2008-04-13 23:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-05-01 01:04 . 2001-08-17 17:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-05-01 01:04 . 2001-08-17 17:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2011-05-01 01:04 . 2001-08-17 17:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2011-05-01 01:04 . 2001-08-17 17:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2011-05-01 01:04 . 2001-08-17 17:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-05-01 01:04 . 2001-08-17 17:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-05-01 01:04 . 2001-08-17 17:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2011-05-01 01:02 . 2001-08-18 02:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2011-05-01 01:02 . 2001-08-18 02:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2011-05-01 01:02 . 2001-08-17 17:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2011-05-01 01:02 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2011-05-01 01:02 . 2001-08-17 16:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-05-01 01:02 . 2001-08-18 02:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-05-01 01:02 . 2001-08-17 16:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-05-01 01:02 . 2001-08-17 18:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2011-05-01 01:02 . 2001-08-17 16:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-05-01 01:02 . 2001-08-17 18:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2011-05-01 01:01 . 2001-08-17 16:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2011-05-01 01:01 . 2001-08-18 02:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2011-05-01 01:01 . 2008-04-13 23:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-05-01 01:01 . 2001-08-18 02:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2011-05-01 01:01 . 2001-08-17 18:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2011-05-01 01:01 . 2001-08-17 18:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2011-05-01 01:01 . 2001-08-17 16:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2011-05-01 01:01 . 2001-08-17 16:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-05-01 01:01 . 2004-08-04 12:00 185344 -c--a-w- c:\windows\system32\dllcache\thawbrkr.dll
2011-05-01 01:01 . 2001-08-17 16:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-05-01 01:00 . 2001-08-17 18:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-05-01 01:00 . 2008-04-13 17:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2011-05-01 01:00 . 2004-08-04 12:00 19464 -c--a-w- c:\windows\system32\dllcache\tdspx.sys
2011-05-01 01:00 . 2001-08-17 16:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-05-01 01:00 . 2004-08-04 12:00 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys
2011-05-01 01:00 . 2001-08-17 16:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-05-01 01:00 . 2004-08-04 12:00 13192 -c--a-w- c:\windows\system32\dllcache\tdasync.sys
2011-05-01 01:00 . 2001-08-17 17:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-05-01 01:00 . 2001-08-17 17:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2011-05-01 01:00 . 2001-08-17 16:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-05-01 01:00 . 2001-08-17 18:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-05-01 00:58 . 2001-08-17 16:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-05-01 00:58 . 2001-08-18 02:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2011-05-01 00:58 . 2004-08-04 12:00 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll
2011-05-01 00:58 . 2001-08-18 02:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-05-01 00:58 . 2001-08-17 17:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2011-05-01 00:58 . 2001-08-18 02:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2011-05-01 00:58 . 2001-08-17 17:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-05-01 00:58 . 2001-08-17 16:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2011-05-01 00:58 . 2001-08-18 02:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2011-05-01 00:56 . 2001-08-18 02:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2011-05-01 00:55 . 2001-08-17 16:50 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2011-05-01 00:55 . 2001-08-17 18:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2011-05-01 00:55 . 2001-08-17 16:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2011-05-01 00:55 . 2001-08-17 18:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-05-01 00:55 . 2001-08-17 16:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2011-05-01 00:55 . 2004-08-04 12:00 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2011-05-01 00:55 . 2001-07-21 18:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-05-01 00:55 . 2001-07-21 18:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-05-01 00:55 . 2001-08-17 16:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-05-01 00:55 . 2001-08-18 02:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-05-01 00:54 . 2001-08-17 16:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-05-01 00:54 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-05-01 00:54 . 2001-08-17 17:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2011-05-01 00:54 . 2001-08-18 02:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-05-01 00:54 . 2001-08-17 17:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2011-05-01 00:54 . 2008-04-13 17:45 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-05-01 00:54 . 2001-08-17 17:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2011-05-01 00:54 . 2001-08-18 02:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-05-01 00:54 . 2001-08-17 17:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2011-05-01 00:54 . 2001-08-17 17:51 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2011-05-01 00:54 . 2001-08-17 17:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2011-05-01 00:54 . 2001-08-17 17:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2011-05-01 00:53 . 2008-04-13 17:40 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2011-05-01 00:53 . 2001-08-18 02:36 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2011-05-01 00:53 . 2001-08-17 16:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2011-05-01 00:53 . 2001-08-17 18:56 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2011-05-01 00:53 . 2001-08-17 16:50 77824 -c--a-w- c:\windows\system32\dllcache\s3sav4m.sys
2011-05-01 00:53 . 2001-08-17 18:56 198400 -c--a-w- c:\windows\system32\dllcache\s3sav4.dll
2011-05-01 00:53 . 2001-08-17 16:50 61504 -c--a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2011-05-01 00:53 . 2001-08-17 18:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2011-05-01 00:53 . 2001-08-17 18:56 210496 -c--a-w- c:\windows\system32\dllcache\s3mvirge.dll
2011-05-01 00:53 . 2001-08-18 02:36 62496 -c--a-w- c:\windows\system32\dllcache\s3mtrio.dll
2011-05-01 00:53 . 2001-08-17 16:50 41216 -c--a-w- c:\windows\system32\dllcache\s3mt3d.sys
2011-05-01 00:53 . 2001-08-17 18:56 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
2011-05-01 00:51 . 2001-08-17 16:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-05-01 00:51 . 2001-08-18 02:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2011-05-01 00:51 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-05-01 00:51 . 2004-08-04 12:00 14848 -c--a-w- c:\windows\system32\dllcache\register.exe
2011-05-01 00:51 . 2001-08-17 17:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-05-01 00:50 . 2001-08-17 17:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-05-01 00:50 . 2001-08-17 17:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-05-01 00:50 . 2001-08-18 02:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2011-05-01 00:50 . 2001-08-17 17:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-05-01 00:50 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\quser.exe
2011-05-01 00:50 . 2004-08-04 12:00 9728 -c--a-w- c:\windows\system32\dllcache\query.exe
2011-05-01 00:50 . 2008-04-13 17:40 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2011-05-01 00:50 . 2001-08-17 17:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2011-05-01 00:50 . 2001-08-17 17:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2011-05-01 00:50 . 2001-08-17 17:28 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
2011-05-01 00:50 . 2008-04-13 23:12 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2011-05-01 00:50 . 2001-08-18 02:36 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2011-05-01 00:48 . 2001-08-17 18:04 75776 -c--a-w- c:\windows\system32\dllcache\philcam1.sys
2011-05-01 00:48 . 2001-08-18 02:36 16384 -c--a-w- c:\windows\system32\dllcache\philcam1.dll
2011-05-01 00:48 . 2004-08-04 12:00 20992 -c--a-w- c:\windows\system32\dllcache\permchk.dll
2011-05-01 00:48 . 2008-04-13 23:10 259328 -c--a-w- c:\windows\system32\dllcache\perm3dd.dll
2011-05-01 00:48 . 2008-04-13 17:44 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-23 02:14 . 2011-04-23 02:14 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-07 05:33 . 2008-12-04 20:30 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-12-04 20:34 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2008-12-04 20:34 1857920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="-scheduler" [X]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-14 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Share-to-Web Namespace Daemon"="c:\program files\hp\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"Act.Outlook.Service"="c:\program files\ACT\ACT for Windows\Act.Outlook.Service.exe" [2007-03-28 9728]
"Act! Preloader"="c:\program files\ACT\ACT for Windows\ActSage.exe" [2007-03-28 1015808]
"PDFHook"="c:\program files\Nuance\PDF Professional 7\pdfpro7hook.exe" [2010-10-16 1275168]
"PDF7 Registry Controller"="c:\program files\Nuance\PDF Professional 7\RegistryController.exe" [2010-10-16 121120]
"Nuance PDF Converter Professional 7-reminder"="c:\program files\Nuance\PDF Professional 7\Ereg\Ereg.exe" [2010-07-05 333088]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-08-09 1394440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-12 59080]
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-12-5 473616]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-5-21 5796696]
officejet 6100.lnk - c:\program files\hp\Digital Imaging\bin\hposol08.exe [2002-6-27 147456]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-8-25 1156384]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-8-25 1178400]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 19:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
2004-10-19 01:42 79448 ----a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-10-20 14:40 34904 ----a-w- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 21:03 125528 ----a-w- c:\program files\Common Files\AOL\1268892649\EE\AOLHostManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-05-13 23:29 126976 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-05-13 23:30 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-13 00:16 1121792 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
2004-04-05 21:33 99480 ----a-w- c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 06:11 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 01:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 11:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snippet]
2005-02-25 21:20 68296 ----a-w- c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-11-05 15:47 688218 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-11-05 15:47 98394 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletTip]
2008-04-14 00:12 271872 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\tabtip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard]
2008-04-14 00:12 16384 ----a-w- c:\windows\Help\splshwrp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1268892649\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/18/2010 6:20 PM 363344]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [6/28/2006 9:48 PM 28952920]
R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [3/18/2010 1:47 AM 17280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/18/2010 6:20 PM 20952]
R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [3/18/2010 1:47 AM 9600]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [12/5/2010 4:18 PM 13312]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [12/5/2010 4:15 PM 14336]
S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [12/5/2010 4:15 PM 20864]
S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [12/5/2010 4:15 PM 19968]
S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys [12/5/2010 4:15 PM 24960]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\lgandadb.sys [12/5/2010 4:15 PM 25728]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [3/18/2010 1:44 AM 69692]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [8/15/2010 12:51 PM 8576]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3764594506-734856957-1329070328-1006Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-10 02:48]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3764594506-734856957-1329070328-1006UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-10 02:48]
.
2011-05-19 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 16:25]
.
2011-04-09 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 16:25]
.
2011-05-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3764594506-734856957-1329070328-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
2011-05-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3764594506-734856957-1329070328-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchMigratedDefaultUrl = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm047YYUS&ptb=ekT66oRACrq2a6aISrsdhQ&psa=&ind=2010071015&ptnrS=ZJxdm047YYUS&si=&st=sb&n=77cf3fe7&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/eol_pre_falcon.asp?src=RegWiz&affid=370&langid=1&cid=54002
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 7.0 - c:\program files\Nuance\PDF Professional 7\cnvres_eng.dll /100
IE: Open with PDF Professional 7 - c:\program files\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
Trusted Zone: mlxchange.com
Trusted Zone: safemls.net
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: Web-Based Email Tools - hxxp://email02.secureserver.net/Download.CAB
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://mfr.mlxchange.com/5.1.01.9919/Control/MLSClientUtils.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.clearcapital.com/imageUpload/ImageUploader6.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://mfr.mlxchange.com/5.1.01.9919/Control/IRCSharc.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yj582qo7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-23 22:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1188)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2011-05-23 22:28:09
ComboFix-quarantined-files.txt 2011-05-24 02:28
.
Pre-Run: 32,062,201,856 bytes free
Post-Run: 34,278,920,192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
- - End Of File - - C6BFF7F566433692CF6C8FB136BABB7A

#10 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,929 posts
  • Gender:Female
  • Location:Romania

Posted 24 May 2011 - 06:04 AM

How are things running at this point?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 live2bfit
  • Topic Starter
  • Members
  • 10 posts

Posted 26 May 2011 - 01:21 PM

To be honest, I haven't been using the laptop much until I got some resolution on the issues. Did you see anything in my logs? Did Combofix repair anything? I don't know how to read the logs.

Thank you.

#12 live2bfit
  • Topic Starter
  • Members
  • 10 posts

Posted 26 May 2011 - 01:24 PM

Also, I don't think the Recovery Console installed correctly. What can I do to check it?

#13 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,929 posts
  • Gender:Female
  • Location:Romania

Posted 26 May 2011 - 02:01 PM

Hi, can you please use your computer a bit and let me know how everything runs?

The Recovery Console was either not installed because you canceled the installation or because your computer had a connection problem. This is nothing to worry about.

regards, Elise


#14 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 60,929 posts
  • Gender:Female
  • Location:Romania

Posted 07 June 2011 - 02:07 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise
