
Redirect Virus and iexplorer.exe always running


  • This topic is locked
22 replies to this topic

#1 colacolafan

colacolafan

  • Members
  • 12 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 06 November 2011 - 12:45 PM

DDS cannot finish its scan; it runs a little slow and then the computer locks up and I have to restart. Some of the options for doing a GMER scan were grayed out, so I was unable to follow that part of the posting instructions as well. Can you recommend something else I can use to post logs?

While using Firefox, I have been redirected to different sites, mostly when I use a search engine, but other times it will just happen randomly. Also, Internet Explorer, which I never use, will open up an ad or a site on its own. Also, I can see iexplorer.exe in Task Manager using up large amounts of CPU and RAM even if it's not open on my screen. I have tried a system restore as well as Malware Antibytes and Avast (both up to date), which have found nothing. I have tried using TDSSKiller and it fails to open, even if I rename it and change the file extension.

It'd be really awesome if you can help me with this. It's not been a good weekend...

Edited by colacolafan, 06 November 2011 - 01:13 PM.




#2 colacolafan

colacolafan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 08 November 2011 - 04:41 PM

DDS finally ran the whole way through!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by user at 16:23:35 on 2011-11-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.327 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1009&m=aspire_one
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1009&m=aspire_one
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~2.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\desktop(2).ini
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sketch~2.lnk - c:\program files\autodesk\sketchbookpro2010\SketchBookSnapshot.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\waabioyo.default\
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\waabioyo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-22 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-25 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-25 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-25 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-5 366152]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-1-16 237568]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-8-5 3032360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-5 22216]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-3 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-3 135664]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-8-5 15144]
.
=============== Created Last 30 ================
.
2011-11-08 01:06:49 -------- d-----w- C:\WTablet
2011-11-06 16:31:42 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-11-06 16:31:42 -------- d-----w- c:\program files\Trend Micro
2011-11-06 03:11:13 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 20:05:53 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-11-05 19:00:52 -------- d-----w- c:\documents and settings\user\application data\PE Explorer
2011-11-05 19:00:44 -------- d-----w- c:\program files\PE Explorer
2011-11-05 18:56:09 -------- d-----w- c:\documents and settings\user\application data\Resource Tuner
2011-11-05 18:56:01 -------- d-----w- c:\program files\Resource Tuner
2011-11-05 18:49:46 -------- d--h--w- c:\windows\PIF
2011-11-05 06:09:54 -------- d-----w- C:\ComboFix
2011-11-05 05:40:27 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-05 05:40:17 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-11-05 01:25:31 -------- d-sha-r- C:\cmdcons
2011-11-05 01:08:24 98816 ----a-w- c:\windows\sed.exe
2011-11-05 01:08:24 208896 ----a-w- c:\windows\MBR.exe
2011-11-05 00:49:59 -------- d-----w- c:\program files\combofix
2011-11-04 22:32:01 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-04 22:32:01 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-13 04:33:59 -------- d-----w- c:\documents and settings\user\application data\Full
.
==================== Find3M ====================
.
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 21:32:17 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32:16 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32:15 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22:23 389120 ----a-w- c:\windows\system32\html.iec
2011-08-14 14:44:19 90112 ----a-w- c:\windows\DUMP74c2.tmp
.
============= FINISH: 16:31:09.93 ===============

Attached Files
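The DDS log above has two sections a responder reads first: the running process list and the SERVICES / DRIVERS table, where DDS writes "[?]" when the registered image file cannot be found on disk. The following is an added example, not code from BleepingComputer, from DDS, or from this thread; it parses those two sections in the format shown in the log, flags processes whose image runs from a Temp directory and services or drivers whose image is missing, and notes boot-start drivers (start type 0) separately. The sample input is a handful of lines copied from the posted log, trimmed to a few entries per section. Anything it flags is a lead to check against the vendor of the software involved, not a verdict.

```python
import re

# Sample input: lines copied from the DDS log posted earlier in this thread,
# trimmed to a few entries per section (the lines are the poster's; the trimming is ours).
SAMPLE_DDS_LOG = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\DOCUME~1\user\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-22 442200]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-5 366152]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-8-5 15144]
.
============= FINISH: 16:31:09.93 ===============
"""

# DDS section banners look like "======== NAME ========".
SECTION_RE = re.compile(r"^={3,}\s*(.+?)\s*={3,}$")

# One SERVICES / DRIVERS entry: state letter (R = running, S = stopped), start-type digit
# (0 = boot start), then name;display name;image path, an optional "--> resolved path",
# and a trailing "[date size]" or "[?]" when DDS could not find the file on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)"
    r"(?: --> (?P<resolved>.*?))?"
    r" \[(?P<stamp>[^\]]*)\]$"
)


def split_sections(text):
    """Group a DDS log into {section name: [entry lines]}, dropping the '.' filler lines."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def flag_processes(lines):
    """Return process lines whose image lives under a Temp directory.

    Installed software rarely runs a resident process from Temp, so these are the
    first entries a responder checks; by themselves they are not proof of infection.
    """
    return [line for line in lines if "\\temp\\" in line.lower()]


def parse_service(line):
    """Parse one SERVICES / DRIVERS line into a dict, or None if it does not fit the format."""
    m = SERVICE_RE.match(line)
    return m.groupdict() if m else None


def flag_services(lines):
    """Return entries whose registered image file is missing ('[?]'), with triage reasons."""
    findings = []
    for line in lines:
        entry = parse_service(line)
        if entry is None or entry["stamp"] != "?":
            continue
        reasons = ["registered image not found on disk"]
        if entry["start"] == "0":
            reasons.append("boot-start driver (start type 0), loaded before any user-mode tool runs")
        findings.append({"name": entry["name"], "start": entry["start"],
                         "path": entry["path"], "reasons": reasons})
    return findings


def triage(text):
    """Run both checks over a DDS log and return the findings keyed by check."""
    sections = split_sections(text)
    return {
        "processes": flag_processes(sections.get("Running Processes", [])),
        "services": flag_services(sections.get("SERVICES / DRIVERS", [])),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_DDS_LOG)
    for proc in result["processes"]:
        print("process running from Temp:", proc)
    for svc in result["services"]:
        print(f"service {svc['name']} (start type {svc['start']}): {svc['path']}")
        for reason in svc["reasons"]:
            print("   -", reason)
```

Run as-is it reports the Temp-resident process and the two S0 entries with missing images from the sample. A missing boot-start image is exactly as often a leftover of uninstalled security software as it is something hostile, which is why the output carries reasons rather than a verdict; the next step is to match the service name against what the Created Last 30 section shows being installed.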



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:21 PM

Posted 09 November 2011 - 12:46 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 colacolafan

colacolafan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 10 November 2011 - 10:24 AM

Thanks for the help!
I was able to run Combofix, the first time it locked up and the screen went black. The second time it ran successfully. It did take over an hour to run though.
I don't have a wireless connection right now, but I will let you know how the computer acts when I have a chance later. Most of the issues stem from being redirected while using a browser or internet explorer opening to other sites when I'm not using it.


ComboFix 11-11-10.01 - user 11/10/2011 8:59.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.600 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
.
2011-11-08 01:06 . 2011-11-08 01:06 -------- d-----w- C:\WTablet
2011-11-06 16:31 . 2011-11-06 16:31 388096 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-06 16:31 . 2011-11-06 16:31 -------- d-----w- c:\program files\Trend Micro
2011-11-06 03:11 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 20:05 . 2011-11-06 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-11-05 19:00 . 2011-11-05 19:01 -------- d-----w- c:\documents and settings\user\Application Data\PE Explorer
2011-11-05 19:00 . 2011-11-05 19:00 -------- d-----w- c:\program files\PE Explorer
2011-11-05 18:56 . 2011-11-05 18:57 -------- d-----w- c:\documents and settings\user\Application Data\Resource Tuner
2011-11-05 18:56 . 2011-11-05 18:56 -------- d-----w- c:\program files\Resource Tuner
2011-11-05 18:49 . 2011-11-05 18:49 -------- d--h--w- c:\windows\PIF
2011-11-05 05:40 . 2011-11-05 05:40 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-05 05:40 . 2011-11-05 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-11-04 22:32 . 2011-11-04 22:32 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-13 04:33 . 2011-10-13 04:33 -------- d-----w- c:\documents and settings\user\Application Data\Full
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2009-01-16 23:32 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-26 15:41 . 2009-01-16 23:18 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2009-01-16 23:18 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2009-01-16 23:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2010-09-19 04:32 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-01-25 17:33 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-08-23 02:17 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-01-25 17:33 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-01-25 17:33 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-01-25 17:33 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-01-25 17:33 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-01-25 17:33 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-01-25 17:33 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-01-25 17:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 13:20 . 2009-01-16 23:18 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 21:32 . 2009-01-16 23:18 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32 . 2010-01-12 17:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32 . 2009-01-16 23:18 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32 . 2009-01-16 23:18 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2009-01-16 23:18 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2009-01-16 23:18 389120 ----a-w- c:\windows\system32\html.iec
2011-08-14 14:44 . 2009-10-06 08:02 90112 ----a-w- c:\windows\DUMP74c2.tmp
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-05_07.06.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80KOR.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80JPN.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ITA.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80FRA.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ESP.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80DEU.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHT.dll
+ 2011-05-13 23:45 . 2011-05-13 23:45 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80CHS.dll
+ 2011-05-14 05:06 . 2011-05-14 05:06 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80u.dll
+ 2011-05-14 05:23 . 2011-05-14 05:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfcm80.dll
+ 2011-05-13 22:37 . 2011-05-13 22:37 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 44544 c:\windows\system32\pngfilt.dll
+ 2009-01-16 23:18 . 2011-11-10 13:51 69678 c:\windows\system32\perfc009.dat
- 2009-01-16 23:18 . 2011-11-05 05:24 69678 c:\windows\system32\perfc009.dat
- 2009-01-16 23:18 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll
+ 2009-01-16 23:18 . 2007-08-14 02:01 48128 c:\windows\system32\mshtmler.dll
- 2009-01-16 23:18 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe
+ 2009-01-16 23:18 . 2007-08-14 02:32 45568 c:\windows\system32\mshta.exe
+ 2007-08-14 02:36 . 2007-08-14 02:36 12288 c:\windows\system32\msfeedssync.exe
+ 2007-08-14 02:54 . 2011-08-17 21:32 52224 c:\windows\system32\msfeedsbs.dll
+ 2009-01-16 23:18 . 2007-08-14 02:44 40960 c:\windows\system32\licmgr10.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 27648 c:\windows\system32\jsproxy.dll
+ 2009-01-16 23:18 . 2007-08-14 02:39 92672 c:\windows\system32\inseng.dll
+ 2009-01-16 23:18 . 2007-08-14 02:36 36352 c:\windows\system32\imgutil.dll
+ 2009-01-16 23:18 . 2007-08-14 02:39 55296 c:\windows\system32\iesetup.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 44544 c:\windows\system32\iernonce.dll
+ 2009-01-16 23:18 . 2011-08-17 12:21 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-14 02:36 . 2011-08-17 21:32 63488 c:\windows\system32\icardie.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2009-01-16 23:18 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2009-01-16 23:18 . 2007-08-14 02:01 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2009-01-16 23:18 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2009-01-16 23:18 . 2007-08-14 02:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2009-06-29 16:12 . 2011-08-17 21:32 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-01-16 23:18 . 2007-08-14 02:44 40960 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-01-16 23:18 . 2007-08-14 02:39 92672 c:\windows\system32\dllcache\inseng.dll
+ 2009-01-16 23:18 . 2007-08-14 02:36 36352 c:\windows\system32\dllcache\imgutil.dll
- 2009-06-29 11:07 . 2009-10-28 14:36 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-06-29 11:07 . 2011-08-17 12:21 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-01-16 23:18 . 2007-08-14 02:39 55296 c:\windows\system32\dllcache\iesetup.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2010-01-12 17:33 . 2011-08-17 21:32 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-01-16 23:18 . 2011-08-17 12:21 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-06-29 16:12 . 2011-08-17 21:32 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-01-16 23:32 . 2007-08-14 02:18 60416 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-01-16 23:18 . 2007-08-14 02:39 71680 c:\windows\system32\dllcache\admparse.dll
- 2009-10-06 07:54 . 2011-06-11 21:08 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-06 07:54 . 2011-11-05 20:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-06 07:54 . 2011-06-11 21:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-06 07:54 . 2011-11-05 20:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-11-05 20:33 . 2011-11-05 20:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-16 23:18 . 2007-08-14 02:39 71680 c:\windows\system32\admparse.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB2586448-IE7\pngfilt.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 52224 c:\windows\ie7updates\KB2586448-IE7\msfeedsbs.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 27648 c:\windows\ie7updates\KB2586448-IE7\jsproxy.dll
+ 2011-11-08 01:09 . 2009-10-28 14:36 13824 c:\windows\ie7updates\KB2586448-IE7\ieudinit.exe
+ 2011-11-08 01:09 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB2586448-IE7\iernonce.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 78336 c:\windows\ie7updates\KB2586448-IE7\ieencode.dll
+ 2011-11-08 01:09 . 2009-10-28 14:36 70656 c:\windows\ie7updates\KB2586448-IE7\ie4uinit.exe
+ 2011-11-08 01:09 . 2009-10-29 07:46 63488 c:\windows\ie7updates\KB2586448-IE7\icardie.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 17408 c:\windows\ie7updates\KB2586448-IE7\corpol.dll
+ 2011-05-14 05:17 . 2011-05-14 05:17 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 05:12 . 2011-05-14 05:12 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 05:11 . 2011-05-14 05:11 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2007-08-14 02:45 . 2007-08-14 02:45 206336 c:\windows\system32\winfxdocobj.exe
+ 2009-01-16 23:18 . 2011-08-17 21:32 233472 c:\windows\system32\webcheck.dll
+ 2009-01-16 23:18 . 2011-03-04 06:45 434176 c:\windows\system32\vbscript.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 106496 c:\windows\system32\url.dll
+ 2009-01-16 23:18 . 2011-11-10 13:51 437618 c:\windows\system32\perfh009.dat
- 2009-01-16 23:18 . 2011-11-05 05:24 437618 c:\windows\system32\perfh009.dat
+ 2009-01-16 23:18 . 2011-08-17 21:32 102912 c:\windows\system32\occache.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 671232 c:\windows\system32\mstime.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 193024 c:\windows\system32\msrating.dll
- 2009-01-16 23:18 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll
+ 2009-01-16 23:18 . 2007-08-14 02:54 156160 c:\windows\system32\msls31.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 478720 c:\windows\system32\mshtmled.dll
+ 2007-08-14 02:54 . 2011-08-17 21:32 468480 c:\windows\system32\msfeeds.dll
+ 2009-01-16 23:18 . 2011-03-04 06:45 512000 c:\windows\system32\jscript.dll
+ 2007-08-14 02:54 . 2007-08-14 02:54 180736 c:\windows\system32\ieui.dll
+ 2007-08-14 02:34 . 2011-08-17 21:32 268288 c:\windows\system32\iertutil.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 192512 c:\windows\system32\iepeers.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 384512 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 20:27 . 2011-08-17 21:32 380928 c:\windows\system32\ieapfltr.dll
+ 2009-01-16 23:18 . 2011-08-17 11:00 161792 c:\windows\system32\ieakui.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 230400 c:\windows\system32\ieaksie.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 153088 c:\windows\system32\ieakeng.dll
- 2009-01-16 23:18 . 2009-10-29 07:46 133120 c:\windows\system32\extmgr.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 133120 c:\windows\system32\extmgr.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 214528 c:\windows\system32\dxtrans.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 347136 c:\windows\system32\dxtmsft.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 832512 c:\windows\system32\dllcache\wininet.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2009-01-16 23:32 . 2011-04-30 08:50 766464 c:\windows\system32\dllcache\vgx.dll
+ 2009-01-16 23:18 . 2011-03-04 06:45 434176 c:\windows\system32\dllcache\vbscript.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 106496 c:\windows\system32\dllcache\url.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 671232 c:\windows\system32\dllcache\mstime.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-01-16 23:18 . 2007-08-14 02:54 156160 c:\windows\system32\dllcache\msls31.dll
- 2009-01-16 23:18 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 478720 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-06-29 16:12 . 2011-08-17 21:32 468480 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-01-16 23:18 . 2011-03-04 06:45 512000 c:\windows\system32\dllcache\jscript.dll
- 2009-01-16 23:32 . 2011-05-02 15:31 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-01-16 23:32 . 2011-10-10 14:22 692736 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-01-16 23:32 . 2011-08-17 11:01 634632 c:\windows\system32\dllcache\iexplore.exe
+ 2009-06-29 16:12 . 2011-08-17 21:32 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 384512 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-06-29 16:12 . 2011-08-17 21:32 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-01-16 23:18 . 2011-08-17 11:00 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 133120 c:\windows\system32\dllcache\extmgr.dll
- 2009-01-16 23:18 . 2009-10-29 07:46 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 124928 c:\windows\system32\dllcache\advpack.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 124928 c:\windows\system32\advpack.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 832512 c:\windows\ie7updates\KB2586448-IE7\wininet.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 233472 c:\windows\ie7updates\KB2586448-IE7\webcheck.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 105984 c:\windows\ie7updates\KB2586448-IE7\url.dll
+ 2011-11-08 01:09 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2586448-IE7\spuninst\updspapi.dll
+ 2011-11-08 01:09 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2586448-IE7\spuninst\spuninst.exe
+ 2011-11-08 01:09 . 2009-10-29 07:46 102912 c:\windows\ie7updates\KB2586448-IE7\occache.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 671232 c:\windows\ie7updates\KB2586448-IE7\mstime.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 193024 c:\windows\ie7updates\KB2586448-IE7\msrating.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 477696 c:\windows\ie7updates\KB2586448-IE7\mshtmled.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 459264 c:\windows\ie7updates\KB2586448-IE7\msfeeds.dll
+ 2011-11-08 01:09 . 2009-10-28 06:54 634632 c:\windows\ie7updates\KB2586448-IE7\iexplore.exe
+ 2011-11-08 01:09 . 2009-10-29 07:46 268288 c:\windows\ie7updates\KB2586448-IE7\iertutil.dll
+ 2011-11-08 01:09 . 2007-08-14 02:54 191488 c:\windows\ie7updates\KB2586448-IE7\iepeers.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 385024 c:\windows\ie7updates\KB2586448-IE7\iedkcs32.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 380928 c:\windows\ie7updates\KB2586448-IE7\ieapfltr.dll
+ 2011-11-08 01:09 . 2009-10-28 06:52 161792 c:\windows\ie7updates\KB2586448-IE7\ieakui.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 230400 c:\windows\ie7updates\KB2586448-IE7\ieaksie.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 153088 c:\windows\ie7updates\KB2586448-IE7\ieakeng.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 133120 c:\windows\ie7updates\KB2586448-IE7\extmgr.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 214528 c:\windows\ie7updates\KB2586448-IE7\dxtrans.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 347136 c:\windows\ie7updates\KB2586448-IE7\dxtmsft.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 124928 c:\windows\ie7updates\KB2586448-IE7\advpack.dll
+ 2011-11-08 01:10 . 2008-05-27 17:23 765952 c:\windows\ie7updates\KB2544521-IE7\vgx.dll
+ 2011-11-08 01:10 . 2010-07-05 13:16 382840 c:\windows\ie7updates\KB2544521-IE7\spuninst\updspapi.dll
+ 2011-11-08 01:10 . 2010-07-05 13:15 231288 c:\windows\ie7updates\KB2544521-IE7\spuninst\spuninst.exe
+ 2010-01-12 17:33 . 2006-09-07 01:43 213216 c:\windows\ie7\spuninst\spuninst.exe
+ 2011-05-14 00:04 . 2011-05-14 00:04 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
+ 2011-05-14 00:04 . 2011-05-14 00:04 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll
+ 2009-01-16 23:18 . 2011-08-17 21:32 1168896 c:\windows\system32\urlmon.dll
+ 2009-01-16 23:18 . 2011-09-05 07:48 3615744 c:\windows\system32\mshtml.dll
+ 2007-08-14 02:54 . 2011-08-17 21:32 6076416 c:\windows\system32\ieframe.dll
+ 2007-02-13 00:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2009-01-16 23:18 . 2011-08-17 21:32 1168896 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-16 23:18 . 2011-09-05 07:48 3615744 c:\windows\system32\dllcache\mshtml.dll
+ 2009-07-19 13:32 . 2011-08-17 21:32 6076416 c:\windows\system32\dllcache\ieframe.dll
+ 2009-06-29 08:33 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2011-11-06 16:31 . 2011-11-06 16:31 1094656 c:\windows\Installer\9a7c5a.msi
+ 2011-11-08 01:09 . 2009-10-29 07:46 1168384 c:\windows\ie7updates\KB2586448-IE7\urlmon.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 3598336 c:\windows\ie7updates\KB2586448-IE7\mshtml.dll
+ 2011-11-08 01:09 . 2009-10-29 07:46 6067200 c:\windows\ie7updates\KB2586448-IE7\ieframe.dll
+ 2009-11-14 04:53 . 2011-11-10 01:45 50295240 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-16 565248]
desktop(2).ini [2009-1-16 84]
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-5-4 708608]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-12-30 07:09 875016 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoogleDesktopManager-080708-050100"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/22/2011 9:17 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/25/2010 12:33 PM 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/25/2010 12:33 PM 20568]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/5/2011 10:11 PM 366152]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [1/16/2009 8:02 PM 237568]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [8/5/2010 9:13 PM 3032360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/5/2011 10:11 PM 22216]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\Update\GoogleUpdate.exe [3/3/2010 8:26 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\Update\GoogleUpdate.exe [3/3/2010 8:26 AM 135664]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [8/5/2010 9:13 PM 15144]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 13:26]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 13:26]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695072642-3757435101-538525854-1005Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-13 02:36]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695072642-3757435101-538525854-1005UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-13 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1009&m=aspire_one
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\waabioyo.default\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-TPSvc - TPSvc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-10 09:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(744)
c:\windows\system32\WININET.dll
c:\progra~1\MICROS~2\Office12\GRA8E1~1.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\IEFRAME.dll
.
Completion time: 2011-11-10 10:07:15
ComboFix-quarantined-files.txt 2011-11-10 15:06
ComboFix2.txt 2011-11-05 07:26
.
Pre-Run: 130,702,766,080 bytes free
Post-Run: 131,046,871,040 bytes free
.
- - End Of File - - 351523E759025532C677E174FA0AA435

#5 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 November 2011 - 04:01 PM

Hello


Go into Device Manager, uninstall your wireless adapter, restart the computer, and let it get reinstalled.


Check wireless after that.


gringo

Edited by gringo_pr, 10 November 2011 - 04:07 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 colacolafan

  • Topic Starter

  • Members
  • 12 posts

Posted 10 November 2011 - 09:06 PM

It was a network issue, no worries; the wireless on the computer is good. I am still getting redirected when I browse the internet, and Internet Explorer is still always running.

#7 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 November 2011 - 09:19 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
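The report that the post above asks for is long (hundreds of "name - ok" lines), so the useful part is whatever is not "ok" and which registered services have no file on disk. The following is an added example, not part of this thread and not TDSSKiller's own code: a small Python parser for reports in the format pasted later in this thread (a timestamp, a thread id, then either "name (md5) path" or "name - verdict"). The sample log, the helper names (parse_tdsskiller_log, flagged_entries, entries_without_file) and the "suspicious" verdict on the made-up exampledrv entry are all constructed for the illustration. The ComboFix log above lists is3srv, szkg5 and szkgfs as services whose driver files are missing ([?]); the second helper collects entries of that kind so they can be cross-checked.

```python
"""Summarise a TDSSKiller-style report: which entries were flagged, and which
registered services have no file on disk. Added example with constructed data."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample modelled on the report format pasted in this thread:
# "<time> <thread> <name> (<md5>) <path>" followed by "<time> <thread> <name> - <verdict>".
# The exampledrv entry and its verdict are invented for the illustration.
SAMPLE_LOG = r"""
21:48:28.0093 0404 OS Version: 5.1.2600 ServicePack: 3.0
21:48:28.0093 0404 Boot type: Normal boot
21:48:29.0953 1884 Scan started
21:48:30.0312 1884 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
21:48:30.0312 1884 Aavmker4 - ok
21:48:30.0328 1884 Abiosdsk - ok
21:48:36.0859 1884 is3srv - ok
21:48:40.0000 1884 exampledrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\exampledrv.sys
21:48:40.0000 1884 exampledrv - suspicious (constructed verdict for this sample)
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s*(.*)$")      # time, thread id, body
FILE_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")           # name (md5) path
VERDICT_RE = re.compile(r"^(\S+) - (.+)$")                            # name - verdict
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z /]*?): (.*)$")             # key: value


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class ScanSummary:
    headers: Dict[str, str] = field(default_factory=dict)
    entries: Dict[str, Entry] = field(default_factory=dict)


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Parse the report text into header fields and one Entry per service/driver name."""
    summary = ScanSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not m.group(3):
            continue  # blank line, or a line that is not part of the report
        body = m.group(3)
        fm = FILE_RE.match(body)
        if fm:  # the scanner found a file and hashed it
            name, md5, path = fm.groups()
            entry = summary.entries.setdefault(name, Entry(name))
            entry.md5, entry.path = md5.lower(), path
            continue
        vm = VERDICT_RE.match(body)
        if vm:  # verdict line; "ok" is the normal case
            name, verdict = vm.groups()
            summary.entries.setdefault(name, Entry(name)).verdict = verdict
            continue
        hm = HEADER_RE.match(body)
        if hm:  # SystemInfo block, e.g. "OS Version: 5.1.2600 ServicePack: 3.0"
            summary.headers[hm.group(1)] = hm.group(2)
    return summary


def flagged_entries(summary: ScanSummary) -> List[str]:
    """Names whose verdict is anything other than the plain 'ok'."""
    return [e.name for e in summary.entries.values() if e.verdict != "ok"]


def entries_without_file(summary: ScanSummary) -> List[str]:
    """Registered services/drivers for which the scanner listed no file and hash.
    Often leftovers of uninstalled software, but worth comparing with the
    services section of a ComboFix log, where they show up with a [?] marker."""
    return [e.name for e in summary.entries.values() if e.path is None]


if __name__ == "__main__":
    s = parse_tdsskiller_log(SAMPLE_LOG)
    print("OS:", s.headers.get("OS Version"), "| boot:", s.headers.get("Boot type"))
    print("needs attention:", flagged_entries(s))
    print("no file on disk:", entries_without_file(s))
```

Run it against a real report by replacing SAMPLE_LOG with the contents of the TDSSKiller log file; anything returned by flagged_entries is what a helper would want to look at first, and entries_without_file gives the list of orphaned service names to compare with the [?] lines of the ComboFix log.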

#8 colacolafan

  • Topic Starter

  • Members
  • 12 posts

Posted 10 November 2011 - 09:31 PM

TDSSkiller won't run. I tried changing the file name and extension but it is still prevented from running/opening.

Edited by colacolafan, 10 November 2011 - 09:31 PM.


#9 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 November 2011 - 09:31 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#10 colacolafan

  • Topic Starter

  • Members
  • 12 posts

Posted 10 November 2011 - 09:50 PM

fixTDSS ran and said the repair was successful.
TDSSKiller ran; it found no infections, and here is the report:



21:48:27.0859 0404 TDSS rootkit removing tool 2.6.17.0 Nov 9 2011 16:48:26
21:48:28.0093 0404 ============================================================
21:48:28.0093 0404 Current date / time: 2011/11/10 21:48:28.0093
21:48:28.0093 0404 SystemInfo:
21:48:28.0093 0404
21:48:28.0093 0404 OS Version: 5.1.2600 ServicePack: 3.0
21:48:28.0093 0404 Product type: Workstation
21:48:28.0093 0404 ComputerName: MARIE2
21:48:28.0093 0404 UserName: user
21:48:28.0093 0404 Windows directory: C:\WINDOWS
21:48:28.0093 0404 System windows directory: C:\WINDOWS
21:48:28.0093 0404 Processor architecture: Intel x86
21:48:28.0093 0404 Number of processors: 2
21:48:28.0093 0404 Page size: 0x1000
21:48:28.0093 0404 Boot type: Normal boot
21:48:28.0093 0404 ============================================================
21:48:28.0515 0404 Initialize success
21:48:29.0953 1884 ============================================================
21:48:29.0953 1884 Scan started
21:48:29.0953 1884 Mode: Manual;
21:48:29.0953 1884 ============================================================
21:48:30.0312 1884 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
21:48:30.0312 1884 Aavmker4 - ok
21:48:30.0328 1884 Abiosdsk - ok
21:48:30.0421 1884 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:48:30.0421 1884 abp480n5 - ok
21:48:30.0500 1884 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:48:30.0500 1884 ACPI - ok
21:48:30.0515 1884 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:48:30.0531 1884 ACPIEC - ok
21:48:30.0609 1884 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:48:30.0609 1884 adpu160m - ok
21:48:30.0734 1884 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:48:30.0734 1884 aec - ok
21:48:30.0812 1884 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:48:30.0812 1884 AFD - ok
21:48:30.0859 1884 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:48:30.0859 1884 agp440 - ok
21:48:30.0875 1884 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:48:30.0890 1884 agpCPQ - ok
21:48:30.0906 1884 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:48:30.0906 1884 Aha154x - ok
21:48:30.0921 1884 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:48:30.0937 1884 aic78u2 - ok
21:48:30.0953 1884 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:48:30.0968 1884 aic78xx - ok
21:48:31.0015 1884 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:48:31.0015 1884 AliIde - ok
21:48:31.0062 1884 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:48:31.0078 1884 alim1541 - ok
21:48:31.0203 1884 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:48:31.0203 1884 amdagp - ok
21:48:31.0281 1884 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:48:31.0281 1884 amsint - ok
21:48:31.0406 1884 AR5416 (2774b0607acdad6e76f577ac85fa077d) C:\WINDOWS\system32\DRIVERS\athw.sys
21:48:31.0421 1884 AR5416 - ok
21:48:31.0578 1884 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:48:31.0578 1884 asc - ok
21:48:31.0640 1884 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:48:31.0640 1884 asc3350p - ok
21:48:31.0656 1884 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:48:31.0656 1884 asc3550 - ok
21:48:31.0750 1884 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:48:31.0765 1884 aswFsBlk - ok
21:48:31.0781 1884 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
21:48:31.0781 1884 aswMon2 - ok
21:48:31.0796 1884 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
21:48:31.0812 1884 aswRdr - ok
21:48:31.0937 1884 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
21:48:31.0953 1884 aswSnx - ok
21:48:31.0984 1884 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
21:48:32.0000 1884 aswSP - ok
21:48:32.0062 1884 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
21:48:32.0062 1884 aswTdi - ok
21:48:32.0125 1884 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:48:32.0125 1884 AsyncMac - ok
21:48:32.0218 1884 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:48:32.0218 1884 atapi - ok
21:48:32.0328 1884 Atdisk - ok
21:48:32.0343 1884 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:48:32.0359 1884 Atmarpc - ok
21:48:32.0406 1884 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:48:32.0406 1884 audstub - ok
21:48:32.0453 1884 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:48:32.0453 1884 Beep - ok
21:48:32.0640 1884 catchme - ok
21:48:32.0781 1884 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:48:32.0796 1884 cbidf - ok
21:48:32.0812 1884 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:48:32.0812 1884 cbidf2k - ok
21:48:32.0859 1884 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:48:32.0875 1884 CCDECODE - ok
21:48:32.0890 1884 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:48:32.0906 1884 cd20xrnt - ok
21:48:32.0953 1884 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:48:32.0968 1884 Cdaudio - ok
21:48:33.0125 1884 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:48:33.0125 1884 Cdfs - ok
21:48:33.0187 1884 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:48:33.0187 1884 Cdrom - ok
21:48:33.0343 1884 Changer - ok
21:48:33.0468 1884 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:48:33.0468 1884 CmBatt - ok
21:48:33.0531 1884 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:48:33.0531 1884 CmdIde - ok
21:48:33.0593 1884 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:48:33.0593 1884 Compbatt - ok
21:48:33.0640 1884 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:48:33.0640 1884 Cpqarray - ok
21:48:33.0671 1884 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:48:33.0671 1884 dac2w2k - ok
21:48:33.0687 1884 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:48:33.0703 1884 dac960nt - ok
21:48:33.0734 1884 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:48:33.0734 1884 Disk - ok
21:48:33.0765 1884 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
21:48:33.0765 1884 DKbFltr - ok
21:48:33.0937 1884 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:48:33.0953 1884 dmboot - ok
21:48:33.0968 1884 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:48:33.0984 1884 dmio - ok
21:48:34.0000 1884 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:48:34.0000 1884 dmload - ok
21:48:34.0031 1884 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:48:34.0031 1884 DMusic - ok
21:48:34.0078 1884 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:48:34.0078 1884 dpti2o - ok
21:48:34.0218 1884 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
21:48:34.0218 1884 DritekPortIO - ok
21:48:34.0375 1884 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:48:34.0390 1884 drmkaud - ok
21:48:34.0437 1884 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:48:34.0437 1884 Fastfat - ok
21:48:34.0515 1884 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:48:34.0515 1884 Fdc - ok
21:48:34.0531 1884 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:48:34.0546 1884 Fips - ok
21:48:34.0562 1884 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:48:34.0562 1884 Flpydisk - ok
21:48:34.0593 1884 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:48:34.0593 1884 FltMgr - ok
21:48:34.0625 1884 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:48:34.0625 1884 Fs_Rec - ok
21:48:34.0687 1884 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:48:34.0703 1884 Ftdisk - ok
21:48:34.0843 1884 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:48:34.0843 1884 Gpc - ok
21:48:34.0890 1884 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:48:34.0890 1884 HDAudBus - ok
21:48:34.0968 1884 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:48:34.0968 1884 HidUsb - ok
21:48:35.0015 1884 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:48:35.0015 1884 hpn - ok
21:48:35.0078 1884 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:48:35.0078 1884 HTTP - ok
21:48:35.0250 1884 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:48:35.0250 1884 i2omgmt - ok
21:48:35.0265 1884 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:48:35.0281 1884 i2omp - ok
21:48:35.0343 1884 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:48:35.0343 1884 i8042prt - ok
21:48:35.0625 1884 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:48:35.0687 1884 ialm - ok
21:48:35.0859 1884 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
21:48:35.0859 1884 iaStor - ok
21:48:35.0937 1884 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:48:35.0937 1884 Imapi - ok
21:48:36.0000 1884 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:48:36.0000 1884 ini910u - ok
21:48:36.0015 1884 int15.sys - ok
21:48:36.0250 1884 IntcAzAudAddService (662b65eeb8d070bd1162a7b63859afcf) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:48:36.0296 1884 IntcAzAudAddService - ok
21:48:36.0468 1884 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:48:36.0468 1884 IntelIde - ok
21:48:36.0531 1884 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:48:36.0531 1884 intelppm - ok
21:48:36.0593 1884 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:48:36.0593 1884 Ip6Fw - ok
21:48:36.0609 1884 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:48:36.0609 1884 IpFilterDriver - ok
21:48:36.0640 1884 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:48:36.0640 1884 IpInIp - ok
21:48:36.0671 1884 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:48:36.0687 1884 IpNat - ok
21:48:36.0812 1884 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:48:36.0812 1884 IPSec - ok
21:48:36.0843 1884 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:48:36.0843 1884 IRENUM - ok
21:48:36.0859 1884 is3srv - ok
21:48:36.0921 1884 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:48:36.0921 1884 isapnp - ok
21:48:36.0953 1884 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:48:36.0953 1884 Kbdclass - ok
21:48:37.0031 1884 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:48:37.0031 1884 kbdhid - ok
21:48:37.0203 1884 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:48:37.0203 1884 kmixer - ok
21:48:37.0281 1884 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:48:37.0281 1884 KSecDD - ok
21:48:37.0343 1884 L1e (fa46f5d09edf93e0c71fe6500fe3f4ae) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
21:48:37.0343 1884 L1e - ok
21:48:37.0375 1884 lbrtfdc - ok
21:48:37.0437 1884 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
21:48:37.0437 1884 MBAMProtector - ok
21:48:37.0609 1884 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:48:37.0609 1884 mnmdd - ok
21:48:37.0671 1884 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:48:37.0671 1884 Modem - ok
21:48:37.0734 1884 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:48:37.0734 1884 Mouclass - ok
21:48:37.0796 1884 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:48:37.0796 1884 mouhid - ok
21:48:37.0953 1884 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:48:37.0953 1884 MountMgr - ok
21:48:38.0015 1884 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:48:38.0015 1884 mraid35x - ok
21:48:38.0031 1884 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:48:38.0046 1884 MRxDAV - ok
21:48:38.0062 1884 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:48:38.0078 1884 Msfs - ok
21:48:38.0109 1884 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:48:38.0109 1884 MSKSSRV - ok
21:48:38.0125 1884 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:48:38.0125 1884 MSPCLOCK - ok
21:48:38.0156 1884 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:48:38.0156 1884 MSPQM - ok
21:48:38.0171 1884 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:48:38.0171 1884 mssmbios - ok
21:48:38.0218 1884 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:48:38.0218 1884 MSTEE - ok
21:48:38.0250 1884 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:48:38.0265 1884 Mup - ok
21:48:38.0281 1884 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:48:38.0281 1884 NABTSFEC - ok
21:48:38.0312 1884 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:48:38.0312 1884 NDIS - ok
21:48:38.0343 1884 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:48:38.0343 1884 NdisIP - ok
21:48:38.0500 1884 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:48:38.0500 1884 NdisTapi - ok
21:48:38.0531 1884 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:48:38.0531 1884 Ndisuio - ok
21:48:38.0562 1884 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:48:38.0578 1884 NdisWan - ok
21:48:38.0609 1884 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:48:38.0625 1884 NDProxy - ok
21:48:38.0640 1884 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:48:38.0640 1884 NetBIOS - ok
21:48:38.0671 1884 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:48:38.0671 1884 NetBT - ok
21:48:38.0812 1884 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:48:38.0828 1884 Npfs - ok
21:48:38.0906 1884 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:48:38.0921 1884 Ntfs - ok
21:48:38.0984 1884 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:48:39.0000 1884 Null - ok
21:48:39.0125 1884 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:48:39.0125 1884 NwlnkFlt - ok
21:48:39.0140 1884 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:48:39.0140 1884 NwlnkFwd - ok
21:48:39.0218 1884 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:48:39.0218 1884 Parport - ok
21:48:39.0234 1884 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:48:39.0234 1884 PartMgr - ok
21:48:39.0265 1884 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:48:39.0281 1884 ParVdm - ok
21:48:39.0312 1884 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:48:39.0312 1884 PCI - ok
21:48:39.0421 1884 PCIDump - ok
21:48:39.0437 1884 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:48:39.0437 1884 PCIIde - ok
21:48:39.0515 1884 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:48:39.0515 1884 Pcmcia - ok
21:48:39.0531 1884 PDCOMP - ok
21:48:39.0546 1884 PDFRAME - ok
21:48:39.0562 1884 PDRELI - ok
21:48:39.0578 1884 PDRFRAME - ok
21:48:39.0593 1884 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:48:39.0609 1884 perc2 - ok
21:48:39.0625 1884 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:48:39.0625 1884 perc2hib - ok
21:48:39.0734 1884 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:48:39.0734 1884 PptpMiniport - ok
21:48:39.0765 1884 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:48:39.0765 1884 PSched - ok
21:48:39.0781 1884 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:48:39.0781 1884 Ptilink - ok
21:48:39.0796 1884 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:48:39.0812 1884 ql1080 - ok
21:48:39.0828 1884 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:48:39.0828 1884 Ql10wnt - ok
21:48:39.0859 1884 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:48:39.0875 1884 ql12160 - ok
21:48:40.0000 1884 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:48:40.0000 1884 ql1240 - ok
21:48:40.0015 1884 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:48:40.0031 1884 ql1280 - ok
21:48:40.0062 1884 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:48:40.0062 1884 RasAcd - ok
21:48:40.0125 1884 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:48:40.0125 1884 Rasl2tp - ok
21:48:40.0171 1884 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:48:40.0171 1884 RasPppoe - ok
21:48:40.0187 1884 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:48:40.0203 1884 Raspti - ok
21:48:40.0250 1884 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:48:40.0250 1884 Rdbss - ok
21:48:40.0359 1884 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:48:40.0359 1884 RDPCDD - ok
21:48:40.0437 1884 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:48:40.0453 1884 rdpdr - ok
21:48:40.0515 1884 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:48:40.0515 1884 RDPWD - ok
21:48:40.0578 1884 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:48:40.0578 1884 redbook - ok
21:48:40.0703 1884 RSUSBSTOR - ok
21:48:40.0734 1884 Rts516xIR - ok
21:48:40.0828 1884 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:48:40.0828 1884 Secdrv - ok
21:48:40.0890 1884 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
21:48:40.0890 1884 Serial - ok
21:48:40.0953 1884 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:48:40.0953 1884 Sfloppy - ok
21:48:41.0078 1884 Simbad - ok
21:48:41.0140 1884 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:48:41.0140 1884 sisagp - ok
21:48:41.0156 1884 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:48:41.0171 1884 SLIP - ok
21:48:41.0187 1884 SNP2UVC - ok
21:48:41.0250 1884 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
21:48:41.0250 1884 SONYPVU1 - ok
21:48:41.0281 1884 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:48:41.0296 1884 Sparrow - ok
21:48:41.0328 1884 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:48:41.0328 1884 splitter - ok
21:48:41.0375 1884 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:48:41.0390 1884 sr - ok
21:48:41.0562 1884 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:48:41.0562 1884 Srv - ok
21:48:41.0640 1884 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:48:41.0640 1884 streamip - ok
21:48:41.0703 1884 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:48:41.0703 1884 swenum - ok
21:48:41.0765 1884 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:48:41.0765 1884 swmidi - ok
21:48:41.0875 1884 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:48:41.0890 1884 symc810 - ok
21:48:41.0953 1884 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:48:41.0953 1884 symc8xx - ok
21:48:41.0968 1884 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:48:41.0968 1884 sym_hi - ok
21:48:42.0000 1884 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:48:42.0000 1884 sym_u3 - ok
21:48:42.0062 1884 SynTP (5c3e900f41426a372de60675afc8aa07) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:48:42.0062 1884 SynTP - ok
21:48:42.0125 1884 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:48:42.0140 1884 sysaudio - ok
21:48:42.0156 1884 szkg5 - ok
21:48:42.0171 1884 szkgfs - ok
21:48:42.0265 1884 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:48:42.0265 1884 Tcpip - ok
21:48:42.0390 1884 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:48:42.0406 1884 TDPIPE - ok
21:48:42.0421 1884 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:48:42.0421 1884 TDTCP - ok
21:48:42.0484 1884 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:48:42.0484 1884 TermDD - ok
21:48:42.0531 1884 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:48:42.0546 1884 TosIde - ok
21:48:42.0578 1884 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:48:42.0578 1884 Udfs - ok
21:48:42.0593 1884 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:48:42.0593 1884 ultra - ok
21:48:42.0625 1884 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:48:42.0640 1884 Update - ok
21:48:42.0656 1884 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:48:42.0671 1884 usbccgp - ok
21:48:42.0687 1884 USBCCID - ok
21:48:42.0734 1884 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:48:42.0734 1884 usbehci - ok
21:48:42.0750 1884 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:48:42.0765 1884 usbhub - ok
21:48:42.0906 1884 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:48:42.0921 1884 usbprint - ok
21:48:42.0953 1884 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:48:42.0953 1884 USBSTOR - ok
21:48:42.0984 1884 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:48:43.0000 1884 usbuhci - ok
21:48:43.0031 1884 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:48:43.0031 1884 usbvideo - ok
21:48:43.0062 1884 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:48:43.0062 1884 VgaSave - ok
21:48:43.0093 1884 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:48:43.0093 1884 viaagp - ok
21:48:43.0234 1884 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:48:43.0234 1884 ViaIde - ok
21:48:43.0265 1884 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:48:43.0265 1884 VolSnap - ok
21:48:43.0328 1884 wacmoumonitor (85f2115fea646693c195c101e15f5667) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
21:48:43.0343 1884 wacmoumonitor - ok
21:48:43.0375 1884 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
21:48:43.0390 1884 wacommousefilter - ok
21:48:43.0406 1884 wacomvhid (a45bc72e1bbf4286a58ef9b894871394) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
21:48:43.0406 1884 wacomvhid - ok
21:48:43.0453 1884 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
21:48:43.0453 1884 WacomVKHid - ok
21:48:43.0593 1884 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:48:43.0609 1884 Wanarp - ok
21:48:43.0640 1884 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:48:43.0656 1884 Wdf01000 - ok
21:48:43.0671 1884 WDICA - ok
21:48:43.0703 1884 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:48:43.0703 1884 wdmaud - ok
21:48:43.0765 1884 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:48:43.0765 1884 WmiAcpi - ok
21:48:43.0812 1884 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:48:43.0828 1884 WSTCODEC - ok
21:48:43.0890 1884 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:48:43.0921 1884 \Device\Harddisk0\DR0 - ok
21:48:43.0921 1884 Boot (0x1200) (93af07574b309ef29aef8499e263486a) \Device\Harddisk0\DR0\Partition0
21:48:43.0921 1884 \Device\Harddisk0\DR0\Partition0 - ok
21:48:43.0921 1884 ============================================================
21:48:43.0921 1884 Scan finished
21:48:43.0921 1884 ============================================================
21:48:43.0953 1900 Detected object count: 0
21:48:43.0953 1900 Actual detected object count: 0

Edited by colacolafan, 10 November 2011 - 09:51 PM.


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:21 PM

Posted 10 November 2011 - 09:56 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 colacolafan

colacolafan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 10 November 2011 - 10:35 PM

I was able to run the script in Combofix; the only problem I had was I forgot to disable Avast. Avast tried to stop it, so I turned Avast off, and it ran fine. I haven't been redirected since I ran the script.




ComboFix 11-11-10.01 - user 11/10/2011 22:05:07.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.434 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-10 15:07 . 2011-11-10 15:07 -------- d-----w- c:\documents and settings\Administrator.MARIE2.000
2011-11-08 01:06 . 2011-11-08 01:06 -------- d-----w- C:\WTablet
2011-11-06 16:31 . 2011-11-06 16:31 388096 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-06 16:31 . 2011-11-06 16:31 -------- d-----w- c:\program files\Trend Micro
2011-11-06 03:11 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 20:05 . 2011-11-06 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-11-05 19:00 . 2011-11-05 19:01 -------- d-----w- c:\documents and settings\user\Application Data\PE Explorer
2011-11-05 19:00 . 2011-11-05 19:00 -------- d-----w- c:\program files\PE Explorer
2011-11-05 18:56 . 2011-11-05 18:57 -------- d-----w- c:\documents and settings\user\Application Data\Resource Tuner
2011-11-05 18:56 . 2011-11-05 18:56 -------- d-----w- c:\program files\Resource Tuner
2011-11-05 18:49 . 2011-11-05 18:49 -------- d--h--w- c:\windows\PIF
2011-11-05 05:40 . 2011-11-05 05:40 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-05 05:40 . 2011-11-05 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-11-04 22:32 . 2011-11-04 22:32 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-13 04:33 . 2011-10-13 04:33 -------- d-----w- c:\documents and settings\user\Application Data\Full
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2009-01-16 23:32 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-26 15:41 . 2009-01-16 23:18 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2009-01-16 23:18 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2009-01-16 23:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2010-09-19 04:32 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-01-25 17:33 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-08-23 02:17 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-01-25 17:33 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-01-25 17:33 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-01-25 17:33 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-01-25 17:33 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2010-01-25 17:33 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2010-01-25 17:33 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2010-01-25 17:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-06 13:20 . 2009-01-16 23:18 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 21:32 . 2009-01-16 23:18 832512 ----a-w- c:\windows\system32\wininet.dll
2011-08-17 21:32 . 2010-01-12 17:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-08-17 21:32 . 2009-01-16 23:18 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-17 21:32 . 2009-01-16 23:18 17408 ----a-w- c:\windows\system32\corpol.dll
2011-08-17 13:49 . 2009-01-16 23:18 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 12:22 . 2009-01-16 23:18 389120 ----a-w- c:\windows\system32\html.iec
2011-08-14 14:44 . 2009-10-06 08:02 90112 ----a-w- c:\windows\DUMP74c2.tmp
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-10_14.48.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-16 23:18 . 2011-11-11 02:46 69678 c:\windows\system32\perfc009.dat
- 2009-01-16 23:18 . 2011-11-10 13:51 69678 c:\windows\system32\perfc009.dat
+ 2009-01-16 23:18 . 2011-11-11 02:46 437618 c:\windows\system32\perfh009.dat
- 2009-01-16 23:18 . 2011-11-10 13:51 437618 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\user\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-16 565248]
desktop(2).ini [2009-1-16 84]
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-5-4 708608]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-12-30 07:09 875016 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GoogleDesktopManager-080708-050100"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/22/2011 9:17 PM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/25/2010 12:33 PM 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/25/2010 12:33 PM 20568]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/5/2011 10:11 PM 366152]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [1/16/2009 8:02 PM 237568]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [8/5/2010 9:13 PM 3032360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/5/2011 10:11 PM 22216]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\Update\GoogleUpdate.exe [3/3/2010 8:26 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\Update\GoogleUpdate.exe [3/3/2010 8:26 AM 135664]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [8/5/2010 9:13 PM 15144]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 03286388
*NewlyCreated* - 10543727
*NewlyCreated* - 53849580
*Deregistered* - 03286388
*Deregistered* - 10543727
*Deregistered* - 53849580
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 13:26]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 13:26]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695072642-3757435101-538525854-1005Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-13 02:36]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2695072642-3757435101-538525854-1005UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-13 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1009&m=aspire_one
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\waabioyo.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-10 22:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
.
Completion time: 2011-11-10 22:31:04
ComboFix-quarantined-files.txt 2011-11-11 03:30
ComboFix2.txt 2011-11-10 15:07
ComboFix3.txt 2011-11-05 07:26
.
Pre-Run: 130,829,578,240 bytes free
Post-Run: 131,010,588,672 bytes free
.
- - End Of File - - 2683E4B2C136B84C1A34FCD8EA687137
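As an added example (not part of the thread, and not ComboFix's own code), a small Python parser for the R/S service and driver lines in the ComboFix log above. It flags registrations whose image file ComboFix could not find (the `-->` ... `[?]` entries such as is3srv and szkg5), which is the kind of leftover a helper reviews next; the running/stopped and start-type reading of the two-character prefix is assumed from the usual ComboFix log convention.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: six "services/drivers" lines in the format ComboFix
# uses, copied from the log posted above (the full log has more of them).
SAMPLE_LOG = r"""
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/22/2011 9:17 PM 442200]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/5/2011 10:11 PM 366152]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [8/5/2010 9:13 PM 15144]
"""

# Windows service Start values; the digit after R/S is assumed to be this value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# <R|S><start> <name>;<display name>;<image path>[ --> <path looked for>] [<detail>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<rest>.+?)\s+\[(?P<detail>[^\]]*)\]$"
)


@dataclass
class ServiceEntry:
    state: str          # 'R' = running, 'S' = stopped (assumed ComboFix convention)
    start_type: int     # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    image_path: str
    file_present: bool  # False when ComboFix printed "--> <path> [?]"
    detail: str         # timestamp and size, or "?" when the file was not found


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one R/S line; return None for lines in any other format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = m.group("rest").split(";", 2)
    if len(parts) != 3:
        return None
    name, display, path = parts
    # "<path> --> <path> [?]" means the registration exists but the file does not.
    file_present = " --> " not in path
    if not file_present:
        path = path.split(" --> ", 1)[0]
    return ServiceEntry(m.group("state"), int(m.group("start")), name, display,
                        path, file_present, m.group("detail"))


def parse_log(text: str) -> List[ServiceEntry]:
    """Collect every R/S entry in a ComboFix log; other lines are ignored."""
    return [e for e in (parse_service_line(ln) for ln in text.splitlines()) if e]


def orphaned_entries(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Service/driver registrations whose image file ComboFix could not find."""
    return [e for e in entries if not e.file_present]


def triage_report(entries: List[ServiceEntry]) -> List[str]:
    """One line per orphan; boot/system-start (0/1) ones come first because
    anything registered to load that early deserves the first look."""
    orphans = sorted(orphaned_entries(entries), key=lambda e: e.start_type)
    return [f"{e.name}: {START_TYPES[e.start_type]}-start, "
            f"{'running' if e.state == 'R' else 'stopped'}, missing {e.image_path}"
            for e in orphans]


if __name__ == "__main__":
    for line in triage_report(parse_log(SAMPLE_LOG)):
        print(line)
```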

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:21 PM

Posted 10 November 2011 - 10:40 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.6

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

If you have problems running Hijackthis.

Sometimes we have to run it like this. To run HijackThis as an administrator,
right-click HijackThis.exe (located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 colacolafan

colacolafan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 10 November 2011 - 10:51 PM

I am currently following the steps that you listed above. But I'm not aware of any P2P programs on my computer, what program/s are you referring to?

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:21 PM

Posted 10 November 2011 - 10:54 PM

Hello


my mistake - you do not have any


gringo