Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC Performance and Stability Analysis Report


  • This topic is locked This topic is locked
19 replies to this topic

#1 tabbycat8

tabbycat8

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 09 February 2012 - 11:18 AM

My laptop picked up a virus that made multiple windows appear saying there were numerous critical errors in my hard drive, RAM memory etc. The main window said 'PC Performance and Stability Analysis Report' at the top. It also hid all my files and most of the icons on my desktop, and turned my background black.

Before I found this site, I downloaded Malwarebytes, ran the full scan and removed the threats it found. After that, all the windows with error messages disappeared. However, my background is still black and my files and desktop icons are still hidden. Please help!


Here's the Malwarebytes log:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.08.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Clare :: CLARE-PC [administrator]

08/02/2012 09:47:04
mbam-log-2012-02-08 (09-47-04).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 413071
Time elapsed: 3 hour(s), 24 minute(s), 34 second(s)

Memory Processes Detected: 2
C:\ProgramData\gCnHHwIyAjV.exe (Trojan.FakeAlert) -> 2992 -> Delete on reboot.
C:\ProgramData\vYmaxq3bR2DjVQ.exe (Rogue.FakeAlert) -> 4072 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gCnHHwIyAjV.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\gCnHHwIyAjV.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\ProgramData\gCnHHwIyAjV.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\ProgramData\vYmaxq3bR2DjVQ.exe (Rogue.FakeAlert) -> Delete on reboot.
C:\Users\Clare\AppData\Local\Temp\jar_cache7742148292688064091.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Clare\AppData\Local\Temp\jar_cache8721855374224676418.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Clare\AppData\Local\Temp\KINceB8j76eyZq.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Clare\AppData\Local\Temp\err.log20959233 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Clare\AppData\Local\Temp\OyQyXZXAFPzvPu.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Clare\AppData\Local\Temp\jar_cache1248417921488721642.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Clare\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\1d039235-66ca1f88 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Clare\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\1d039235-7ca6faaf (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)




Here's the DDS.txt log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170
Run by Clare at 12:33:39 on 2012-02-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1912.933 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Toshiba TEMPO] c:\program files\toshiba tempro\Toshiba.Tempo.UI.TrayApplication.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [MediaBarFileManager] c:\program files\on demand distribution\od2 music manager\OD2MediaBar_VistaFileManager.exe
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
StartupFolder: c:\users\clare\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\clare\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {76577871-04EC-495E-A12B-91F7C3600AFA}
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 212.139.132.5 212.139.132.20
TCP: Interfaces\{8BBFAF4F-D641-425C-984C-DF5FF8DE91E1} : DhcpNameServer = 212.139.132.5 212.139.132.20
TCP: Interfaces\{935FC0E8-C706-4ABF-8FCB-BF3ECA88EA64} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-12-26 20352]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-16 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\toshiba tempro\TempoSVC.exe [2008-4-24 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-15 909152]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9b4b03f83191d;Google Update Service (gupdate1c9b4b03f83191d);c:\program files\google\update\GoogleUpdate.exe [2009-4-3 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-12 167264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-3 133104]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-12-26 937984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-08 09:38:18 -------- d-----w- c:\programdata\Malwarebytes
2012-02-08 09:38:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-08 09:38:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-06 22:35:49 -------- d-----w- c:\windows\system32\cache
2012-02-06 22:35:45 -------- d-----w- c:\program files\AVG Secure Search
2012-02-06 11:39:30 9728 ----a-w- c:\windows\system32\lsass.exe
2012-02-06 11:39:30 72704 ----a-w- c:\windows\system32\secur32.dll
2012-02-06 11:39:30 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-06 11:39:30 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-02-06 11:39:30 278528 ----a-w- c:\windows\system32\schannel.dll
2012-02-06 11:39:30 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-22 13:16:57 784144 ---ha-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2012-01-13 12:59:35 -------- d--h--w- c:\users\clare\appdata\local\twitter
2012-01-13 12:59:01 -------- d-----w- c:\program files\Twitter
2012-01-11 18:31:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 18:27:10 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 18:22:07 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 18:22:07 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 18:22:03 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 18:21:51 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 18:16:46 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 18:16:46 1314816 ----a-w- c:\windows\system32\quartz.dll
.
==================== Find3M ====================
.
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 12:34:54.95 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:16 AM

Posted 10 February 2012 - 09:10 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 tabbycat8

tabbycat8
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 11 February 2012 - 07:44 AM

Hi
Thanks for your help.
I've run Combofix. It took quite a while - about 45 minutes from when it started to when the window closed and the log came up. I didn't have to reboot my computer at all.
I've got all my files back now and some of my programs and desktop icons, but there are still some missing, e.g. Internet Explorer (I have to use Safari to access the internet). My background is still black.
Also, I had AVG 2011 and temporarily disabled it before running Combofix as you instructed, but it now seems to have disappeared completely so I can't re-enable it.

Here's the Combofix log:

ComboFix 12-02-11.01 - Clare 11/02/2012 11:44:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1912.947 [GMT 0:00]
Running from: c:\users\Clare\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~vYmaxq3bR2DjVQ
c:\programdata\~vYmaxq3bR2DjVQr
c:\programdata\vYmaxq3bR2DjVQ
c:\users\Clare\AppData\Roaming\Adobe\plugs
c:\users\Clare\AppData\Roaming\Adobe\shed
c:\users\Clare\Desktop\System Check.lnk
c:\users\Clare\Documents\~WRL0001.tmp
c:\users\Clare\Taskmgr.exe
c:\windows\system32\Cache
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 12:04 . 2012-02-11 12:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 09:38 . 2012-02-08 09:38 -------- d-----w- c:\users\Clare\AppData\Roaming\Malwarebytes
2012-02-08 09:38 . 2012-02-08 09:38 -------- d-----w- c:\programdata\Malwarebytes
2012-02-08 09:38 . 2012-02-08 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-08 09:38 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 11:20 . 2012-02-07 11:20 -------- d--h--w- c:\programdata\WindowsSearch
2012-02-06 22:35 . 2012-02-07 11:11 -------- d-----w- c:\program files\AVG Secure Search
2012-02-06 11:39 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-06 11:39 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-02-06 11:39 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-02-06 11:39 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-02-06 11:39 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-06 11:39 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-22 13:16 . 2012-01-22 13:16 784144 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-13 12:59 . 2012-01-13 12:59 -------- d--h--w- c:\users\Clare\AppData\Local\twitter
2012-01-13 12:59 . 2012-01-13 12:59 576536 ---ha-r- c:\users\Clare\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe
2012-01-13 12:59 . 2012-01-13 12:59 -------- d-----w- c:\program files\Twitter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 15:59 . 2012-01-11 18:27 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-13 21:09 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-01-11 18:22 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 18:21 66560 ----a-w- c:\windows\system32\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-07 11:10 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-07 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-02 149280]
"NDSTray.exe"="NDSTray.exe" [BU]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"MediaBarFileManager"="c:\program files\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe" [2007-06-25 30024]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-05-21 273544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-02-07 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-07 928096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 23:01]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 23:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.139.132.5 212.139.132.20
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
.
------- File Associations -------
.
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 12:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-11 12:24:17
ComboFix-quarantined-files.txt 2012-02-11 12:23
.
Pre-Run: 5,334,261,760 bytes free
Post-Run: 7,292,342,272 bytes free
.
- - End Of File - - 0CD93068A06499789AF43D389EC771B8

#4 tabbycat8

tabbycat8
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 11 February 2012 - 07:57 AM

Sorry, I've just realised that if I open Windows Security Centre there are options to turn on AVG 2011 and Windows Defender as apparently they are both turned off. But when I click the button to turn them on nothing seems to happen.
I've also realised that I didn't disable Windows Firewall before running Combofix. Will I need to run it again with Windows Firewall disabled as well?

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:16 AM

Posted 11 February 2012 - 11:31 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 tabbycat8

tabbycat8
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 11 February 2012 - 01:37 PM

No problems running either TDSSKiller or aswMBR.
Also I can now access the AVG interface again as that and other taskbar icons that went away after running Combofix have come back. I've also realised that I can access Internet Explorer again through the Start menu, although the desktop icon is still not there. The background is still black.

Here's the TDSSKiller log:

17:22:56.0350 2324 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
17:22:58.0040 2324 ============================================================
17:22:58.0041 2324 Current date / time: 2012/02/11 17:22:58.0040
17:22:58.0041 2324 SystemInfo:
17:22:58.0041 2324
17:22:58.0042 2324 OS Version: 6.0.6002 ServicePack: 2.0
17:22:58.0042 2324 Product type: Workstation
17:22:58.0042 2324 ComputerName: CLARE-PC
17:22:58.0043 2324 UserName: Clare
17:22:58.0043 2324 Windows directory: C:\Windows
17:22:58.0043 2324 System windows directory: C:\Windows
17:22:58.0043 2324 Processor architecture: Intel x86
17:22:58.0043 2324 Number of processors: 2
17:22:58.0043 2324 Page size: 0x1000
17:22:58.0043 2324 Boot type: Normal boot
17:22:58.0043 2324 ============================================================
17:22:58.0772 2324 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:22:58.0775 2324 \Device\Harddisk0\DR0:
17:22:58.0775 2324 MBR used
17:22:58.0775 2324 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x7011800
17:22:58.0775 2324 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x7300000, BlocksNum 0x6C94800
17:23:00.0098 2324 Initialize success
17:23:00.0099 2324 ============================================================
17:23:40.0373 4640 ============================================================
17:23:40.0373 4640 Scan started
17:23:40.0373 4640 Mode: Manual;
17:23:40.0373 4640 ============================================================
17:23:41.0056 4640 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
17:23:41.0061 4640 ACPI - ok
17:23:41.0109 4640 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
17:23:41.0132 4640 adp94xx - ok
17:23:41.0170 4640 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
17:23:41.0178 4640 adpahci - ok
17:23:41.0194 4640 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
17:23:41.0199 4640 adpu160m - ok
17:23:41.0223 4640 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
17:23:41.0231 4640 adpu320 - ok
17:23:41.0322 4640 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
17:23:41.0330 4640 AFD - ok
17:23:41.0373 4640 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
17:23:41.0376 4640 agp440 - ok
17:23:41.0401 4640 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
17:23:41.0405 4640 aic78xx - ok
17:23:41.0439 4640 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
17:23:41.0441 4640 aliide - ok
17:23:41.0461 4640 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
17:23:41.0470 4640 amdagp - ok
17:23:41.0489 4640 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
17:23:41.0491 4640 amdide - ok
17:23:41.0519 4640 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
17:23:41.0522 4640 AmdK7 - ok
17:23:41.0562 4640 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
17:23:41.0564 4640 AmdK8 - ok
17:23:41.0608 4640 ApfiltrService (45f47f79ad3f587a334345fd2969354b) C:\Windows\system32\DRIVERS\Apfiltr.sys
17:23:41.0613 4640 ApfiltrService - ok
17:23:41.0678 4640 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
17:23:41.0681 4640 arc - ok
17:23:41.0714 4640 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
17:23:41.0718 4640 arcsas - ok
17:23:41.0806 4640 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
17:23:41.0808 4640 AsyncMac - ok
17:23:41.0856 4640 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
17:23:41.0858 4640 atapi - ok
17:23:41.0947 4640 athr (8899bbd6740fefbdffd38eb88693dd26) C:\Windows\system32\DRIVERS\athr.sys
17:23:41.0978 4640 athr - ok
17:23:42.0093 4640 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
17:23:42.0095 4640 AVGIDSEH - ok
17:23:42.0146 4640 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
17:23:42.0155 4640 Avgtdix - ok
17:23:42.0220 4640 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
17:23:42.0222 4640 Beep - ok
17:23:42.0263 4640 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
17:23:42.0266 4640 blbdrive - ok
17:23:42.0342 4640 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
17:23:42.0345 4640 bowser - ok
17:23:42.0402 4640 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
17:23:42.0404 4640 BrFiltLo - ok
17:23:42.0421 4640 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
17:23:42.0423 4640 BrFiltUp - ok
17:23:42.0456 4640 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
17:23:42.0459 4640 Brserid - ok
17:23:42.0504 4640 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
17:23:42.0506 4640 BrSerWdm - ok
17:23:42.0519 4640 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
17:23:42.0521 4640 BrUsbMdm - ok
17:23:42.0542 4640 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
17:23:42.0548 4640 BrUsbSer - ok
17:23:42.0564 4640 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
17:23:42.0566 4640 BTHMODEM - ok
17:23:42.0709 4640 catchme - ok
17:23:42.0752 4640 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
17:23:42.0756 4640 cdfs - ok
17:23:42.0817 4640 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
17:23:42.0822 4640 cdrom - ok
17:23:42.0872 4640 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
17:23:42.0875 4640 circlass - ok
17:23:42.0938 4640 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:23:42.0948 4640 CLFS - ok
17:23:43.0004 4640 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
17:23:43.0006 4640 CmBatt - ok
17:23:43.0031 4640 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
17:23:43.0034 4640 cmdide - ok
17:23:43.0105 4640 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
17:23:43.0113 4640 CnxtHdAudService - ok
17:23:43.0131 4640 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
17:23:43.0134 4640 Compbatt - ok
17:23:43.0195 4640 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
17:23:43.0197 4640 crcdisk - ok
17:23:43.0239 4640 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
17:23:43.0241 4640 Crusoe - ok
17:23:43.0327 4640 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:23:43.0330 4640 DfsC - ok
17:23:43.0439 4640 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:23:43.0441 4640 disk - ok
17:23:43.0511 4640 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:23:43.0513 4640 drmkaud - ok
17:23:43.0581 4640 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:23:43.0602 4640 DXGKrnl - ok
17:23:43.0657 4640 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:23:43.0661 4640 E1G60 - ok
17:23:43.0738 4640 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:23:43.0742 4640 Ecache - ok
17:23:43.0814 4640 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
17:23:43.0824 4640 elxstor - ok
17:23:43.0857 4640 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
17:23:43.0861 4640 ErrDev - ok
17:23:43.0948 4640 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:23:43.0952 4640 exfat - ok
17:23:44.0002 4640 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:23:44.0007 4640 fastfat - ok
17:23:44.0034 4640 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
17:23:44.0037 4640 fdc - ok
17:23:44.0064 4640 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:23:44.0066 4640 FileInfo - ok
17:23:44.0081 4640 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:23:44.0083 4640 Filetrace - ok
17:23:44.0105 4640 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:23:44.0107 4640 flpydisk - ok
17:23:44.0156 4640 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:23:44.0161 4640 FltMgr - ok
17:23:44.0221 4640 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:23:44.0222 4640 Fs_Rec - ok
17:23:44.0238 4640 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
17:23:44.0241 4640 gagp30kx - ok
17:23:44.0281 4640 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:23:44.0283 4640 GEARAspiWDM - ok
17:23:44.0374 4640 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
17:23:44.0380 4640 HdAudAddService - ok
17:23:44.0446 4640 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:23:44.0465 4640 HDAudBus - ok
17:23:44.0480 4640 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:23:44.0482 4640 HidBth - ok
17:23:44.0509 4640 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:23:44.0512 4640 HidIr - ok
17:23:44.0571 4640 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:23:44.0571 4640 HidUsb - ok
17:23:44.0589 4640 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
17:23:44.0592 4640 HpCISSs - ok
17:23:44.0686 4640 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:23:44.0720 4640 HSF_DPV - ok
17:23:44.0772 4640 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:23:44.0778 4640 HSXHWAZL - ok
17:23:44.0831 4640 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:23:44.0843 4640 HTTP - ok
17:23:44.0879 4640 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
17:23:44.0881 4640 i2omp - ok
17:23:44.0941 4640 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:23:44.0944 4640 i8042prt - ok
17:23:45.0007 4640 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
17:23:45.0012 4640 iaStor - ok
17:23:45.0045 4640 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
17:23:45.0050 4640 iaStorV - ok
17:23:45.0214 4640 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
17:23:45.0311 4640 igfx - ok
17:23:45.0390 4640 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:23:45.0393 4640 iirsp - ok
17:23:45.0443 4640 IntcHdmiAddService - ok
17:23:45.0479 4640 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
17:23:45.0482 4640 intelide - ok
17:23:45.0505 4640 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:23:45.0507 4640 intelppm - ok
17:23:45.0550 4640 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:23:45.0552 4640 IpFilterDriver - ok
17:23:45.0569 4640 IpInIp - ok
17:23:45.0585 4640 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
17:23:45.0587 4640 IPMIDRV - ok
17:23:45.0612 4640 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:23:45.0616 4640 IPNAT - ok
17:23:45.0640 4640 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:23:45.0642 4640 IRENUM - ok
17:23:45.0671 4640 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
17:23:45.0674 4640 isapnp - ok
17:23:45.0730 4640 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:23:45.0734 4640 iScsiPrt - ok
17:23:45.0749 4640 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:23:45.0751 4640 iteatapi - ok
17:23:45.0770 4640 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:23:45.0778 4640 iteraid - ok
17:23:45.0843 4640 jswpslwf (7e72514a3a1c5a9f3bff0660b3866c2b) C:\Windows\system32\DRIVERS\jswpslwf.sys
17:23:45.0844 4640 jswpslwf - ok
17:23:45.0876 4640 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:23:45.0878 4640 kbdclass - ok
17:23:45.0893 4640 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
17:23:45.0895 4640 kbdhid - ok
17:23:45.0968 4640 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
17:23:45.0980 4640 KSecDD - ok
17:23:46.0034 4640 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:23:46.0036 4640 lltdio - ok
17:23:46.0067 4640 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
17:23:46.0070 4640 LSI_FC - ok
17:23:46.0089 4640 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
17:23:46.0092 4640 LSI_SAS - ok
17:23:46.0110 4640 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
17:23:46.0114 4640 LSI_SCSI - ok
17:23:46.0135 4640 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:23:46.0138 4640 luafv - ok
17:23:46.0194 4640 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:23:46.0196 4640 mdmxsdk - ok
17:23:46.0234 4640 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
17:23:46.0236 4640 megasas - ok
17:23:46.0292 4640 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
17:23:46.0302 4640 MegaSR - ok
17:23:46.0326 4640 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:23:46.0327 4640 Modem - ok
17:23:46.0348 4640 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:23:46.0352 4640 monitor - ok
17:23:46.0375 4640 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:23:46.0377 4640 mouclass - ok
17:23:46.0401 4640 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:23:46.0407 4640 mouhid - ok
17:23:46.0428 4640 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:23:46.0431 4640 MountMgr - ok
17:23:46.0483 4640 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
17:23:46.0486 4640 mpio - ok
17:23:46.0503 4640 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:23:46.0506 4640 mpsdrv - ok
17:23:46.0547 4640 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:23:46.0549 4640 Mraid35x - ok
17:23:46.0593 4640 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:23:46.0596 4640 MRxDAV - ok
17:23:46.0636 4640 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:23:46.0640 4640 mrxsmb - ok
17:23:46.0692 4640 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:23:46.0698 4640 mrxsmb10 - ok
17:23:46.0735 4640 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:23:46.0739 4640 mrxsmb20 - ok
17:23:46.0788 4640 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
17:23:46.0790 4640 msahci - ok
17:23:46.0810 4640 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
17:23:46.0814 4640 msdsm - ok
17:23:46.0857 4640 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:23:46.0860 4640 Msfs - ok
17:23:46.0920 4640 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:23:46.0922 4640 msisadrv - ok
17:23:46.0974 4640 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:23:46.0976 4640 MSKSSRV - ok
17:23:46.0992 4640 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:23:46.0994 4640 MSPCLOCK - ok
17:23:47.0017 4640 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:23:47.0019 4640 MSPQM - ok
17:23:47.0079 4640 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:23:47.0083 4640 MsRPC - ok
17:23:47.0114 4640 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:23:47.0115 4640 mssmbios - ok
17:23:47.0140 4640 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:23:47.0142 4640 MSTEE - ok
17:23:47.0177 4640 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:23:47.0180 4640 Mup - ok
17:23:47.0246 4640 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:23:47.0251 4640 NativeWifiP - ok
17:23:47.0331 4640 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:23:47.0350 4640 NDIS - ok
17:23:47.0383 4640 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:23:47.0385 4640 NdisTapi - ok
17:23:47.0404 4640 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:23:47.0407 4640 Ndisuio - ok
17:23:47.0456 4640 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:23:47.0461 4640 NdisWan - ok
17:23:47.0484 4640 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:23:47.0487 4640 NDProxy - ok
17:23:47.0516 4640 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:23:47.0518 4640 NetBIOS - ok
17:23:47.0568 4640 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:23:47.0574 4640 netbt - ok
17:23:47.0643 4640 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:23:47.0646 4640 nfrd960 - ok
17:23:47.0707 4640 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:23:47.0710 4640 Npfs - ok
17:23:47.0734 4640 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:23:47.0737 4640 nsiproxy - ok
17:23:47.0831 4640 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:23:47.0876 4640 Ntfs - ok
17:23:47.0909 4640 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:23:47.0911 4640 ntrigdigi - ok
17:23:47.0936 4640 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:23:47.0937 4640 Null - ok
17:23:47.0969 4640 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
17:23:47.0972 4640 nvraid - ok
17:23:47.0999 4640 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
17:23:48.0002 4640 nvstor - ok
17:23:48.0036 4640 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
17:23:48.0040 4640 nv_agp - ok
17:23:48.0059 4640 NwlnkFlt - ok
17:23:48.0078 4640 NwlnkFwd - ok
17:23:48.0138 4640 O2MDRDR (78575368974962042472f18b24d3cf28) C:\Windows\system32\DRIVERS\o2media.sys
17:23:48.0141 4640 O2MDRDR - ok
17:23:48.0203 4640 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
17:23:48.0205 4640 ohci1394 - ok
17:23:48.0271 4640 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:23:48.0274 4640 Parport - ok
17:23:48.0321 4640 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:23:48.0324 4640 partmgr - ok
17:23:48.0350 4640 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:23:48.0352 4640 Parvdm - ok
17:23:48.0411 4640 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
17:23:48.0413 4640 pccsmcfd - ok
17:23:48.0458 4640 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:23:48.0463 4640 pci - ok
17:23:48.0516 4640 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
17:23:48.0518 4640 pciide - ok
17:23:48.0539 4640 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:23:48.0547 4640 pcmcia - ok
17:23:48.0606 4640 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:23:48.0640 4640 PEAUTH - ok
17:23:48.0741 4640 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:23:48.0743 4640 PptpMiniport - ok
17:23:48.0770 4640 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
17:23:48.0773 4640 Processor - ok
17:23:48.0857 4640 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:23:48.0860 4640 PSched - ok
17:23:48.0893 4640 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
17:23:48.0897 4640 PxHelp20 - ok
17:23:48.0941 4640 QIOMem (674eba70a52c02696e503b0a57ae6372) C:\Windows\system32\DRIVERS\QIOMem.sys
17:23:48.0947 4640 QIOMem - ok
17:23:49.0029 4640 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
17:23:49.0067 4640 ql2300 - ok
17:23:49.0081 4640 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:23:49.0085 4640 ql40xx - ok
17:23:49.0110 4640 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:23:49.0113 4640 QWAVEdrv - ok
17:23:49.0138 4640 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:23:49.0141 4640 RasAcd - ok
17:23:49.0173 4640 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:23:49.0177 4640 Rasl2tp - ok
17:23:49.0253 4640 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:23:49.0255 4640 RasPppoe - ok
17:23:49.0308 4640 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:23:49.0311 4640 RasSstp - ok
17:23:49.0364 4640 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:23:49.0371 4640 rdbss - ok
17:23:49.0398 4640 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:23:49.0399 4640 RDPCDD - ok
17:23:49.0447 4640 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
17:23:49.0456 4640 rdpdr - ok
17:23:49.0477 4640 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:23:49.0479 4640 RDPENCDD - ok
17:23:49.0536 4640 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
17:23:49.0542 4640 RDPWD - ok
17:23:49.0581 4640 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:23:49.0584 4640 rspndr - ok
17:23:49.0611 4640 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:23:49.0615 4640 sbp2port - ok
17:23:49.0711 4640 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
17:23:49.0714 4640 sdbus - ok
17:23:49.0758 4640 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:23:49.0760 4640 secdrv - ok
17:23:49.0800 4640 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
17:23:49.0802 4640 Serenum - ok
17:23:49.0823 4640 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
17:23:49.0827 4640 Serial - ok
17:23:49.0852 4640 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:23:49.0855 4640 sermouse - ok
17:23:49.0953 4640 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
17:23:49.0956 4640 sffdisk - ok
17:23:49.0982 4640 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
17:23:49.0984 4640 sffp_mmc - ok
17:23:50.0013 4640 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
17:23:50.0015 4640 sffp_sd - ok
17:23:50.0043 4640 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:23:50.0045 4640 sfloppy - ok
17:23:50.0082 4640 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
17:23:50.0086 4640 sisagp - ok
17:23:50.0101 4640 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
17:23:50.0104 4640 SiSRaid2 - ok
17:23:50.0123 4640 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
17:23:50.0126 4640 SiSRaid4 - ok
17:23:50.0198 4640 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:23:50.0201 4640 Smb - ok
17:23:50.0304 4640 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:23:50.0306 4640 spldr - ok
17:23:50.0358 4640 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
17:23:50.0366 4640 srv - ok
17:23:50.0415 4640 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
17:23:50.0419 4640 srv2 - ok
17:23:50.0446 4640 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
17:23:50.0449 4640 srvnet - ok
17:23:50.0569 4640 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
17:23:50.0570 4640 swenum - ok
17:23:50.0612 4640 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
17:23:50.0614 4640 Symc8xx - ok
17:23:50.0636 4640 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
17:23:50.0638 4640 Sym_hi - ok
17:23:50.0654 4640 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
17:23:50.0657 4640 Sym_u3 - ok
17:23:50.0806 4640 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
17:23:50.0870 4640 Tcpip - ok
17:23:50.0913 4640 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
17:23:50.0926 4640 Tcpip6 - ok
17:23:50.0970 4640 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
17:23:50.0973 4640 tcpipreg - ok
17:23:51.0043 4640 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
17:23:51.0045 4640 tdcmdpst - ok
17:23:51.0107 4640 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
17:23:51.0108 4640 TDPIPE - ok
17:23:51.0126 4640 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
17:23:51.0130 4640 TDTCP - ok
17:23:51.0183 4640 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
17:23:51.0187 4640 tdx - ok
17:23:51.0275 4640 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
17:23:51.0278 4640 TermDD - ok
17:23:51.0375 4640 Tosrfcom - ok
17:23:51.0430 4640 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
17:23:51.0432 4640 tosrfec - ok
17:23:51.0482 4640 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
17:23:51.0492 4640 tos_sps32 - ok
17:23:51.0558 4640 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:23:51.0560 4640 tssecsrv - ok
17:23:51.0577 4640 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
17:23:51.0581 4640 tunmp - ok
17:23:51.0626 4640 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
17:23:51.0628 4640 tunnel - ok
17:23:51.0683 4640 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
17:23:51.0685 4640 TVALZ - ok
17:23:51.0702 4640 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
17:23:51.0708 4640 uagp35 - ok
17:23:51.0771 4640 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
17:23:51.0779 4640 udfs - ok
17:23:51.0855 4640 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
17:23:51.0859 4640 uliagpkx - ok
17:23:51.0915 4640 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
17:23:51.0923 4640 uliahci - ok
17:23:51.0944 4640 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
17:23:51.0949 4640 UlSata - ok
17:23:51.0976 4640 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
17:23:51.0982 4640 ulsata2 - ok
17:23:52.0016 4640 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
17:23:52.0019 4640 umbus - ok
17:23:52.0079 4640 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
17:23:52.0083 4640 USBAAPL - ok
17:23:52.0103 4640 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
17:23:52.0107 4640 usbccgp - ok
17:23:52.0134 4640 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
17:23:52.0138 4640 usbcir - ok
17:23:52.0189 4640 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
17:23:52.0191 4640 usbehci - ok
17:23:52.0246 4640 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
17:23:52.0254 4640 usbhub - ok
17:23:52.0301 4640 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
17:23:52.0304 4640 usbohci - ok
17:23:52.0344 4640 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
17:23:52.0347 4640 usbprint - ok
17:23:52.0391 4640 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:23:52.0395 4640 USBSTOR - ok
17:23:52.0429 4640 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:23:52.0431 4640 usbuhci - ok
17:23:52.0481 4640 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
17:23:52.0487 4640 usbvideo - ok
17:23:52.0528 4640 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
17:23:52.0530 4640 UVCFTR - ok
17:23:52.0574 4640 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
17:23:52.0577 4640 vga - ok
17:23:52.0597 4640 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
17:23:52.0600 4640 VgaSave - ok
17:23:52.0629 4640 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
17:23:52.0632 4640 viaagp - ok
17:23:52.0651 4640 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
17:23:52.0660 4640 ViaC7 - ok
17:23:52.0678 4640 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
17:23:52.0680 4640 viaide - ok
17:23:52.0740 4640 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
17:23:52.0743 4640 volmgr - ok
17:23:52.0797 4640 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
17:23:52.0805 4640 volmgrx - ok
17:23:52.0859 4640 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
17:23:52.0866 4640 volsnap - ok
17:23:52.0896 4640 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
17:23:52.0902 4640 vsmraid - ok
17:23:52.0955 4640 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
17:23:52.0957 4640 WacomPen - ok
17:23:52.0985 4640 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:23:52.0988 4640 Wanarp - ok
17:23:53.0013 4640 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
17:23:53.0014 4640 Wanarpv6 - ok
17:23:53.0046 4640 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
17:23:53.0049 4640 Wd - ok
17:23:53.0092 4640 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
17:23:53.0106 4640 Wdf01000 - ok
17:23:53.0207 4640 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:23:53.0229 4640 winachsf - ok
17:23:53.0334 4640 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:23:53.0335 4640 WmiAcpi - ok
17:23:53.0422 4640 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
17:23:53.0425 4640 WpdUsb - ok
17:23:53.0451 4640 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
17:23:53.0453 4640 ws2ifsl - ok
17:23:53.0519 4640 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:23:53.0523 4640 WUDFRd - ok
17:23:53.0560 4640 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
17:23:53.0561 4640 XAudio - ok
17:23:53.0613 4640 yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\Windows\system32\DRIVERS\yk60x86.sys
17:23:53.0622 4640 yukonwlh - ok
17:23:53.0679 4640 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:23:53.0742 4640 \Device\Harddisk0\DR0 - ok
17:23:53.0749 4640 Boot (0x1200) (a7b5baea623ef4c711dbedec4ffbd55e) \Device\Harddisk0\DR0\Partition0
17:23:53.0751 4640 \Device\Harddisk0\DR0\Partition0 - ok
17:23:53.0783 4640 Boot (0x1200) (2cf7732c3c80c5f3b4e27aadd884d169) \Device\Harddisk0\DR0\Partition1
17:23:53.0784 4640 \Device\Harddisk0\DR0\Partition1 - ok
17:23:53.0785 4640 ============================================================
17:23:53.0785 4640 Scan finished
17:23:53.0785 4640 ============================================================
17:23:53.0815 5476 Detected object count: 0
17:23:53.0816 5476 Actual detected object count: 0


And here's the aswMBR log:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 17:30:33
-----------------------------
17:30:33.219 OS Version: Windows 6.0.6002 Service Pack 2
17:30:33.220 Number of processors: 2 586 0xF0D
17:30:33.221 ComputerName: CLARE-PC UserName: Clare
17:30:33.978 Initialize success
17:48:20.157 AVAST engine defs: 12021100
17:49:45.837 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:49:45.845 Disk 0 Vendor: WDC_WD12 01.0 Size: 114473MB BusType: 3
17:49:45.874 Disk 0 MBR read successfully
17:49:45.883 Disk 0 MBR scan
17:49:45.898 Disk 0 Windows VISTA default MBR code
17:49:45.935 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
17:49:45.957 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 57379 MB offset 3074048
17:49:45.999 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 55593 MB offset 120586240
17:49:46.018 Disk 0 scanning sectors +234440704
17:49:46.322 Disk 0 scanning C:\Windows\system32\drivers
17:50:05.519 Service scanning
17:50:06.988 Modules scanning
17:50:17.044 Disk 0 trace - called modules:
17:50:17.460
17:50:18.282 AVAST engine scan C:\Windows
17:50:21.770 AVAST engine scan C:\Windows\system32
17:55:44.598 AVAST engine scan C:\Windows\system32\drivers
17:56:10.244 AVAST engine scan C:\Users\Clare
18:12:01.534 AVAST engine scan C:\ProgramData
18:17:49.888 Scan finished successfully
18:20:59.963 Disk 0 MBR has been saved successfully to "C:\Users\Clare\Desktop\MBR.dat"
18:20:59.971 The log file has been saved successfully to "C:\Users\Clare\Desktop\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:16 AM

Posted 11 February 2012 - 05:53 PM

Hello

Have you tried to change the background?


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 tabbycat8

tabbycat8
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 11 February 2012 - 07:13 PM

Hi
I managed to change the background so that's ok now.
Windows Security Centre keeps coming up with a message saying there are multiple security problems with my computer, but it could just be that I need to update things. When I open up the Windows Security Centre window, it says that Windows Defender is out of date and AVG is still turned off, but clicking the 'turn on now' button doesn't seem to do anything. I think I might just need to update to the newer version of AVG though...

Anyway, here's the Combofix log:


ComboFix 12-02-11.01 - Clare 11/02/2012 23:27:07.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1912.1108 [GMT 0:00]
Running from: c:\users\Clare\Downloads\ComboFix.exe
Command switches used :: c:\users\Clare\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 23:45 . 2012-02-11 23:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 09:38 . 2012-02-08 09:38 -------- d-----w- c:\users\Clare\AppData\Roaming\Malwarebytes
2012-02-08 09:38 . 2012-02-08 09:38 -------- d-----w- c:\programdata\Malwarebytes
2012-02-08 09:38 . 2012-02-08 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-08 09:38 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-07 11:20 . 2012-02-07 11:20 -------- d-----w- c:\programdata\WindowsSearch
2012-02-06 22:35 . 2012-02-07 11:11 -------- d-----w- c:\program files\AVG Secure Search
2012-02-06 11:39 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-06 11:39 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-02-06 11:39 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-02-06 11:39 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-02-06 11:39 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-06 11:39 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-22 13:16 . 2012-01-22 13:16 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-13 12:59 . 2012-01-13 12:59 -------- d-----w- c:\users\Clare\AppData\Local\twitter
2012-01-13 12:59 . 2012-01-13 12:59 576536 ----a-r- c:\users\Clare\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe
2012-01-13 12:59 . 2012-01-13 12:59 -------- d-----w- c:\program files\Twitter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 15:59 . 2012-01-11 18:27 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-13 21:09 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-01-11 18:22 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 18:21 66560 ----a-w- c:\windows\system32\packager.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-07 11:10 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-07 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-02 149280]
"NDSTray.exe"="NDSTray.exe" [BU]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"MediaBarFileManager"="c:\program files\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe" [2007-06-25 30024]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-05-21 273544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-02-07 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-07 928096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 23:01]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 23:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.139.132.5 212.139.132.20
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 23:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-11 23:51:31
ComboFix-quarantined-files.txt 2012-02-11 23:51
ComboFix2.txt 2012-02-11 12:24
.
Pre-Run: 8,166,653,952 bytes free
Post-Run: 8,203,530,240 bytes free
.
- - End Of File - - CE36C1F011615AE94396EB14EF7921C3

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:16 AM

Posted 11 February 2012 - 08:17 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Adobe Reader 8.1.2
Java™ 6 Update 17
Java™ 6 Update 6
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 tabbycat8

tabbycat8
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 12 February 2012 - 07:53 AM

Hello
Ok, I managed to complete all those steps. There were quite a lot of bolded items to be deleted when I uninstalled Java Update 6 - Revo Uninstaller said there were 1583 found registry items.

Here's the MBAM log:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.12.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Clare :: CLARE-PC [administrator]

12/02/2012 12:04:42
mbam-log-2012-02-12 (12-04-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189216
Time elapsed: 12 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



And here's the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:40:31, on 12/02/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19170)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [MediaBarFileManager] C:\Program Files\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - (no file)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate1c9b4b03f83191d) (gupdate1c9b4b03f83191d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11951 bytes

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:16 AM

Posted 12 February 2012 - 01:39 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
      O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
      O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
      O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 tabbycat8

tabbycat8
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 12 February 2012 - 08:53 PM

Hi
I've removed the start-up entries and run the scan. The scan took a long time - over 5 hours - and it found one threat.

Here is the result I got by clicking on copy to clipboard (there didn't seem to be a log, just the location of the threat, so I hope I've done it right!):

C:\Users\Clare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\902UABUX\morguefile_com[1].htm JS/Kryptik.GM trojan

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:16 AM

Posted 12 February 2012 - 09:07 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\Clare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\902UABUX\morguefile_com[1].htm"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use, I would keep this and use before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 tabbycat8

tabbycat8
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 13 February 2012 - 07:37 PM

Hi

I'm afraid I'm having trouble with a few things.

I ran the Secunia Software Inspector scan earlier, but after over 5 hours it still wasn't finished, even though it's apparently only supposed to take several minutes. Eventually I stopped it, and I've tried running it again a few times since then but it either freezes after a couple of minutes or won't start at all. When it has run for a couple of minutes before freezing, it's said I need to update Skype and Adobe Flash Player, but I've already updated both those programs to the latest versions.

I also updated the programs Windows Update said needed updating, including Internet Explorer. However, since doing that, Internet Explorer hasn't been working - when I try to open it, a message immediately comes up saying 'Internet Explorer has stopped working' and I have to close the program (I'm having to use Safari again at the moment).

Also, I tried to follow your instructions for turning on automatic updates, but the window that came up when I typed sysdm.cpl into Run didn't have an Automatic Updates tab.

Sorry to be a pain!

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:16 AM

Posted 13 February 2012 - 08:48 PM

Hello

Sorry to be a pain! - Don't worry!!

I also updated the programs Windows Update said needed updating, including Internet Explorer. However, since doing that, Internet Explorer hasn't been working - when I try to open it, a message immediately comes up saying 'Internet Explorer has stopped working' and I have to close the program (I'm having to use Safari again at the moment).

I want you to run it without add/ons and see if that is a problem - http://blogs.msdn.com/b/ie/archive/2006/07/25/678113.aspx

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users