Infected with something


  • This topic is locked
43 replies to this topic

#1 CPUisill

CPUisill

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:47 PM

Posted 01 March 2012 - 09:49 PM

I have a CPU with multiple issues, bug or virus related and needs some updates.

My system is Windows XP, Media Center Edition, Version 2002, Service Pack 2, Dell Dimension 8400, Intel Pentium 4 CPU 3.20GHz, 1.00 GB of RAM

It all started with a virus called System Fix that I resolved with information from Bleeping Computer Forum.
I tried to use system restore to bring it back to prior to this event. But system restore does not work.

Started to have “Restore Active Desktop” in place of my wallpaper. Which led to Blue and Black (BSOD) screens of death and system fault errors.

With the following messages: BCCode: 100000d1 BCP1: 00000010 BCP2: 00000002 BCP3: 00000000 BCP4: F7410DFA OSver 5_1_2600 SP 2_0 Product 256_1.

Driver_IRQL_Not_less or Equal, Stop 0x000000D1 (0x00000010, 0x00000002, 0x00000000, 0xF7410DFA) iastor.sys-Address F7410DFA base at F7402000, date stamp 40608c73.

During this time the system would stay on for 30 to 60 minutes then crash. I was not able to run Malwarebytes or AVG since these would crash the system.

During startups I also get this Rundll error loading C:\Progra~1\ Newdot~1\ Newdot~2Dll, the specific module could not be found.

I have a program called Belarc Advisor I was able to update the program and run it. From there I was able to run Microsoft Update. I was able to download some security fixes for Service Pack 2. (KB931906) and (KB890830). The system was more stable not crashing. I was able to log off normally. Then I tried to run Service Pack 3 it failed because of error 0x80070005. I went into REGEDIT and checked off boxes related to software updates. Then rebooted system tried running Service Pack 3 again, same failure and hang up during uninstall. During Service Pack 3 uninstalling of itself it hangs up. So I believe my system has Service Pack 2 and Pack 3 running if that's possible. The system is stable I backed up everything that needs backing up.

I tried updating AVG it failed to download the newest version and got error codes 0xC0070643 and 0xC00706B7.

I got an error message when updating Malwarebytes. The instruction at 0x10002737 referenced memory at 0x00000000. The memory could not be read. Click ok to terminate program. I clicked ok. The program runs anyways trying to perform a full scan of the system, the system crashes to a black screen after 2 hours.

I was able to stabilize the wallpaper for now after a Google search. The system boots up fine but very slowly, everything runs slowly. System is on for hours now. Please advise on how to get rid of bugs and back to running normal. Thank you.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:47 PM

Posted 03 March 2012 - 03:38 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 CPUisill

CPUisill
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:04:47 PM

Posted 03 March 2012 - 07:08 PM

Hello Gringo,
Thanks for getting back to me. If I don't get back to you right away or beyond your normal limits, I still want to resolve my CPU issues.
There were no problems to report. See posted logs from DDS. Thank you.

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Wally at 18:31:33 on 2012-03-03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.441 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Free Firewall *Disabled*
FW: *Disabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/index.html
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
mWinlogon: Userinit=c:\windows\system32\USERINIT.EXE
BHO: rsion - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn5\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\ahead\data\xtras\mssysmgr.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [myweather] "c:\program files\myfreeweather\myweather.exe" /autorun
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISW]
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [OmniPage] c:\program files\caere\omnipagepro90\opware32.exe
mRun: [OASClnt] c:\program files\mcafee.com\vso\oasclnt.exe
mRun: [NWEReboot]
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
mRun: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
mRun: [New.net Startup] rundll32 c:\progra~1\newdot~1\NEWDOT~2.DLL,NewDotNetStartup -s
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe
mRun: [MPSExe] c:\progra~1\mcafee.com\mps\mscifapp.exe /embedding
mRun: [MPFExe] c:\progra~1\mcafee.com\person~1\MpfTray.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\McAgent.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\wally\startm~1\programs\startup\pictur~1.lnk - c:\program files\nikon\pictureproject in touch\PictureProjectInTouch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\nikon\nkview6\NkvMon.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com
Trusted Zone: rei.com\fp
Trusted Zone: musicmatch.com
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\docume~1\wally\locals~1\temp\ixp000.tmp\InstallerControl.cab#-1,-1,-1,-1
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://fp.rei.com/vdesk/terminal/f5InspectionHost.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1330189193296
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3F0D668B-D023-4D9F-B7A2-96310F7611B7} : DhcpNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages =
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-23 64512]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2012-1-28 28552]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-11-28 286736]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-8-22 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-8-22 122368]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S2 gupdate1c9fbdf1dbb28c4;Google Update Service (gupdate1c9fbdf1dbb28c4);c:\program files\google\update\GoogleUpdate.exe [2009-7-3 133104]
S2 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe --> c:\progra~1\mcafee.com\vso\mcshield.exe [?]
S2 mrtRate;mrtRate; [x]
S3 72555653;72555653; [x]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-3 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2004-12-27 245760]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys --> c:\windows\system32\drivers\naiavf5x.sys [?]
.
=============== Created Last 30 ================
.
2012-03-03 23:04:49 -------- d-----w- c:\documents and settings\wally\application data\SUPERAntiSpyware.com
2012-02-29 21:33:59 2016768 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-02-29 20:45:25 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-02-29 20:45:24 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-02-26 03:07:28 382464 ------w- c:\windows\system32\_006613_.tmp.dll
2012-02-26 03:07:26 2897920 ------w- c:\windows\system32\_006612_.tmp.dll
2012-02-25 23:40:07 382464 ------w- c:\windows\system32\_006582_.tmp.dll
2012-02-25 23:40:01 2897920 ------w- c:\windows\system32\_006581_.tmp.dll
2012-02-25 16:15:11 -------- d-----w- c:\program files\SUPERAntiSpyware
.
==================== Find3M ====================
.
2011-12-25 21:25:55 24576 ----a-w- c:\windows\system32\userinit.exe
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2003-08-27 18:19:18 36963 ------w- c:\program files\common files\SM1updtr.dll
.
============= FINISH: 18:33:19.96 ===============

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/30/2004 11:13:36 AM
System Uptime: 3/3/2012 5:09:20 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0U7077
Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
Processor: Intel® Pentium® 4 CPU 3.20GHz | Microprocessor | 3192/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 94.162 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1717: 10/28/2011 10:32:30 AM - System Checkpoint
RP1718: 10/29/2011 10:37:30 AM - System Checkpoint
RP1719: 10/30/2011 11:35:20 AM - System Checkpoint
RP1720: 10/31/2011 11:38:33 AM - System Checkpoint
RP1721: 11/1/2011 12:05:04 PM - System Checkpoint
RP1722: 11/2/2011 3:32:13 PM - System Checkpoint
RP1723: 11/3/2011 6:28:05 PM - System Checkpoint
RP1724: 11/5/2011 7:24:34 AM - System Checkpoint
RP1725: 11/6/2011 9:35:42 AM - System Checkpoint
RP1726: 11/7/2011 6:37:35 PM - System Checkpoint
RP1727: 11/8/2011 8:41:56 PM - System Checkpoint
RP1728: 11/10/2011 6:14:05 AM - Software Distribution Service 3.0
RP1729: 11/11/2011 3:34:06 PM - System Checkpoint
RP1730: 11/13/2011 7:19:16 AM - System Checkpoint
RP1731: 11/14/2011 7:29:11 AM - System Checkpoint
RP1732: 11/15/2011 8:33:33 AM - System Checkpoint
RP1733: 11/16/2011 9:46:13 AM - System Checkpoint
RP1734: 11/17/2011 10:00:09 AM - System Checkpoint
RP1735: 11/18/2011 10:45:57 AM - System Checkpoint
RP1736: 11/19/2011 12:55:10 PM - System Checkpoint
RP1737: 11/20/2011 3:53:58 PM - System Checkpoint
RP1738: 11/22/2011 9:25:59 AM - System Checkpoint
RP1739: 11/23/2011 11:18:14 AM - System Checkpoint
RP1740: 11/24/2011 7:09:09 PM - System Checkpoint
RP1741: 11/26/2011 6:30:40 AM - System Checkpoint
RP1742: 11/27/2011 8:17:32 AM - System Checkpoint
RP1743: 11/28/2011 9:45:08 AM - System Checkpoint
RP1744: 12/1/2011 3:47:31 PM - System Checkpoint
RP1745: 12/5/2011 12:43:00 AM - System Checkpoint
RP1746: 12/7/2011 11:39:17 PM - Software Distribution Service 3.0
RP1747: 12/11/2011 9:31:33 AM - System Checkpoint
RP1748: 12/11/2011 10:18:53 AM - Installed Ad-Aware
RP1749: 12/14/2011 9:47:37 AM - System Checkpoint
RP1750: 12/15/2011 11:05:30 AM - System Checkpoint
RP1751: 12/16/2011 1:50:58 PM - System Checkpoint
RP1752: 12/17/2011 8:00:12 AM - Installed Ad-Aware
RP1753: 12/23/2011 3:21:40 PM - Restore Operation
RP1754: 12/23/2011 4:09:34 PM - Restore Operation
RP1755: 12/23/2011 4:20:05 PM - Restore Operation
RP1756: 12/23/2011 5:17:20 PM - Restore Operation
RP1757: 12/23/2011 5:39:36 PM - Restore Operation
RP1758: 12/23/2011 5:53:38 PM - Restore Operation
RP1759: 12/24/2011 12:58:39 PM - Software Distribution Service 3.0
RP1760: 12/26/2011 6:32:57 AM - Restore Operation
RP1761: 12/26/2011 7:01:11 AM - Restore Operation
RP1762: 12/26/2011 7:28:23 AM - Restore Operation
RP1763: 1/25/2012 11:32:45 AM - Software Distribution Service 3.0
RP1764: 1/25/2012 9:36:28 PM - Software Distribution Service 3.0
RP1765: 1/31/2012 3:27:40 PM - Software Distribution Service 3.0
RP1766: 2/25/2012 6:31:33 PM - Software Distribution Service 3.0
RP1767: 2/25/2012 8:34:19 PM - Software Distribution Service 3.0
RP1768: 2/25/2012 9:58:39 PM - Software Distribution Service 3.0
RP1769: 2/25/2012 11:13:32 PM - Software Distribution Service 3.0
RP1770: 2/29/2012 4:25:17 PM - Software Distribution Service 3.0
RP1771: 3/1/2012 4:36:31 PM - Software Distribution Service 3.0
RP1772: 3/1/2012 10:00:50 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
Abacast Client
Ad-Aware
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop Album
Adobe Photoshop Elements 3.0
Adobe Photoshop Lightroom 2.2
Adobe Reader 9.4.6
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ATI Control Panel
ATI Display Driver
Avery® Wizard 2.1 for Microsoft® Office Word 2003
AVG 2012
Belarc Advisor 8.2
BIG-IP Edge Client Components (All Users)
Bonjour
Broadcom Advanced Control Suite 2
Camera Window
Canon Camera Window for ZoomBrowser EX
Canon Easy-WebPrint EX
Canon iP4300
Canon iP4300 User Registration
Canon MP Navigator EX 3.0
Canon MP640 series MP Drivers
Canon MP640 series User Registration
Canon PhotoRecord
Canon ScanGear Toolbox 3.1
Canon Setup Utility 2.2
Canon Setup Utility 2.3
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Easy-PhotoPrint Pro
Canon Utilities My Printer
Canon Utilities PhotoStitch 3.1
Canon Utilities Solution Menu
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Cypress USB Mass Storage Driver Installation
DeductionPro 2008
DeductionPro 2009
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Networking Guide
Dell Picture Studio v3.0
Dell Support 5.0.0 (766)
DeLorme Topo USA 6.0
DeLorme Topo USA 6.0 Merge Modules
EarthLink setup files
Earthmate Image Tagger
Easy-WebPrint
EPSON Print CD
EPSON Printer Software
EPSON Stylus Photo R260 User's Guide
erLT
ESPNMotion
exPressit S.E. 2.1
GardenBytesInstall
GemMaster Mystic
Get High Speed Internet!
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H&R Block Deluxe + Efile + State 2009
H&R Block Deluxe + Efile + State 2010
H&R Block Massachusetts 2009
H&R Block Massachusetts 2010
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IHA_MessageCenter
InCD EasyWrite Reader
Instant JPEG From RAW
Intel Application Accelerator
Intel® 537EP V9x DF PCI Modem
Internet Explorer Default Page
iPod for Windows 2005-09-23
iTunes
J2SE Runtime Environment 5.0
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java™ 6 Update 21
KhalInstallWrapper
LabelCreator Pro
Learn2 Player (Uninstall Only)
Logitech SetPoint
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Shredder
McAfee Uninstall Wizard
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Musicmatch® Jukebox
My Way Search Assistant
Napster
NeroVision Express 2
NetZeroInstallers
Nikon Message Center
Nikon View 6
OmniPage Pro 9.0
Otto
Panda ActiveScan 2.0
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PhotoStitch
PictureProject
PictureProject In Touch 1.0
PictureProject In Touch Downloader 1.0
PM FASTrack®
PowerDVD 5.3
Quicken 2006
QuickTime
RealPlayer
RelevantKnowledge
Roxio Burn Engine
Roxio Easy Media Creator 7
Scan Manager 5.2
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sonic DLA
Sonic Encoders
Sonic MyDVD
Sonic RecordNow! Plus
Sonic Update Manager
SoundMAX
SUPERAntiSpyware
Sygate Personal Firewall
TaxCut Massachusetts 2007
TaxCut Massachusetts 2008
TaxCut Premium + State + Efile 2008
TaxCut Premium + State 2007
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
USB Storage Adapter FX (SM1)
VC 9.0 Runtime
Verizon Download Manager
Viewpoint Media Player (Remove Only)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vz In Home Agent
WD Diagnostics
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
XoftSpySE
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/3/2012 4:52:04 PM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The specified procedure could not be found.
3/3/2012 4:52:04 PM, error: Rasman [20132] - Remote Access Connection Manager failed to start because the RAS RPC module failed to initialize. The specified procedure could not be found.
3/3/2012 4:36:17 PM, error: Service Control Manager [7023] - The Network Connections service terminated with the following error: The specified module could not be found.
3/3/2012 4:27:50 PM, error: Service Control Manager [7000] - The wpsdrvnt service failed to start due to the following error: The system cannot find the file specified.
3/3/2012 4:27:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Teefer wpsdrvnt
3/3/2012 4:27:31 PM, error: Service Control Manager [7023] - The Security Center service terminated with the following error: The specified module could not be found.
3/3/2012 4:27:31 PM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The specified module could not be found.
3/3/2012 4:27:30 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
3/3/2012 4:27:29 PM, error: Service Control Manager [7000] - The McAfee.com McShield service failed to start due to the following error: The system cannot find the path specified.
3/3/2012 4:27:28 PM, error: Service Control Manager [7023] - The Wireless Zero Configuration service terminated with the following error: The specified module could not be found.
3/3/2012 4:19:37 PM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/3/2012 4:19:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 03 March 2012 - 08:42 PM

Hello

I do not know if I will be able to solve all your problems but when I finish with you - you will know that it is not malware causing the problems :thumbup2:

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 CPUisill

CPUisill
  • Topic Starter

  • Members
  • 22 posts

Posted 04 March 2012 - 03:37 PM

Gringo,

I turned off all security software I believe I have, following the information you provided. If I missed anything maybe you can share additional details. During startups I also get this Rundll error loading C:\Progra~1\ Newdot~1\ Newdot~2Dll, the specific module could not be found.

While running Combofix I did install Win XP Recovery Console. During the running of combofix I got no black screens or reboots, ran for 20 minutes or so. System reboots to log report.

Get error: IP Config.exe Unable to locate component. This application has failed to start because dot3api.dll was not found. Reinstalling the application may fix the problem. ok. Happened four times while waiting for combofix log report and saving the report. While typing a response to you the system crashed with Blue Screen of Death and following error: Driver_IRQL_Not_less or Equal, Stop 0x000000D1 (0x00000010, 0x00000002, 0x00000000, 0xF7365DFA) iastor.sys-Address F7365DFA base at F7357000, date stamp 40608c73. I reboot then CHKDSK runs, system flashes through Safemode to desktop and icons. I try typing message to you, system crashes after being on 15 mins. Another BSOD and similar Driver_IRQL_Not_less or Equal error. I reboot CHKDSK runs again this time deleting many index entry after running combofix 03-04-12.doc.lnk what I could write down. System flashes through Safemode to desktop and icons. I copy combofix.txt to cdr. While doing that. Get several similar messages: BCCode: 100000d1 BCP1: 00000010 BCP2: 00000002 BCP3: 00000000 BCP4: F7410DFA OSver 5_1_2600 SP 2_0 Product 256_1. System unstable so sending message from my laptop.

Combofix.txt
ComboFix 12-03-04.01 - Wally 03/04/2012 13:02:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.540 [GMT -5:00]
Running from: c:\documents and settings\Wally\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt
c:\documents and settings\All Users\Application Data\master
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\index.dat
c:\documents and settings\Wally\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\documents and settings\Wally\Local Settings\Temporary Internet Files\CSC2.5U-EN-819-I.sbr.sgn
c:\documents and settings\Wally\Local Settings\Temporary Internet Files\ENCounterSpyConsumer.2.5.1043.0.exe
c:\documents and settings\Wally\Start Menu\Programs\System Fix
c:\documents and settings\Wally\Start Menu\Programs\System Fix\System Fix.lnk
c:\documents and settings\Wally\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\documents and settings\Wally\WINDOWS
c:\windows\SET132D.tmp
c:\windows\ST6UNST.000
c:\windows\system32\regobj.dll
c:\windows\system32\SET209.tmp
c:\windows\system32\SET20A.tmp
c:\windows\system32\SET210.tmp
c:\windows\system32\SET212.tmp
c:\windows\system32\SET215.tmp
c:\windows\system32\SET218.tmp
c:\windows\system32\SET219.tmp
c:\windows\system32\SET21B.tmp
c:\windows\system32\SET21C.tmp
c:\windows\system32\SET21F.tmp
c:\windows\system32\SET221.tmp
c:\windows\system32\SET223.tmp
c:\windows\system32\SET225.tmp
c:\windows\system32\SET22B.tmp
c:\windows\system32\SET22D.tmp
c:\windows\system32\SET22F.tmp
c:\windows\system32\SET230.tmp
c:\windows\system32\SET232.tmp
c:\windows\system32\SET235.tmp
c:\windows\system32\SET236.tmp
c:\windows\system32\SET239.tmp
c:\windows\system32\SET23B.tmp
c:\windows\system32\SET23C.tmp
c:\windows\system32\SET23E.tmp
c:\windows\system32\SET240.tmp
c:\windows\system32\SET244.tmp
c:\windows\system32\SET245.tmp
c:\windows\system32\SET249.tmp
c:\windows\system32\SET24B.tmp
c:\windows\system32\SET24D.tmp
c:\windows\system32\SET24F.tmp
c:\windows\system32\SET250.tmp
c:\windows\system32\SET251.tmp
c:\windows\system32\SET252.tmp
c:\windows\system32\SET254.tmp
c:\windows\system32\SET257.tmp
c:\windows\system32\SET25A.tmp
c:\windows\system32\SET25C.tmp
c:\windows\system32\SET25D.tmp
c:\windows\system32\SET25F.tmp
c:\windows\system32\SET26A.tmp
c:\windows\system32\SET26B.tmp
c:\windows\system32\SET26D.tmp
c:\windows\system32\SET26E.tmp
c:\windows\system32\SET270.tmp
c:\windows\system32\SET276.tmp
c:\windows\system32\SET277.tmp
c:\windows\system32\SET27B.tmp
c:\windows\system32\SET27E.tmp
c:\windows\system32\SET284.tmp
c:\windows\system32\SET285.tmp
c:\windows\system32\SET286.tmp
c:\windows\system32\SET287.tmp
c:\windows\system32\SET289.tmp
c:\windows\system32\SET292.tmp
c:\windows\system32\SET298.tmp
c:\windows\system32\SET299.tmp
c:\windows\system32\SET29A.tmp
c:\windows\system32\SET29B.tmp
c:\windows\system32\SET29C.tmp
c:\windows\system32\SET29D.tmp
c:\windows\system32\SET2A1.tmp
c:\windows\system32\SET2A4.tmp
c:\windows\system32\SET2AA.tmp
c:\windows\system32\SET2AC.tmp
c:\windows\system32\SET2AE.tmp
c:\windows\system32\SET2B2.tmp
c:\windows\system32\SET2B3.tmp
c:\windows\system32\SET2B4.tmp
c:\windows\system32\SET2B5.tmp
c:\windows\system32\SET2BA.tmp
c:\windows\system32\SET2C1.tmp
c:\windows\system32\SET2C2.tmp
c:\windows\system32\SET2C9.tmp
c:\windows\system32\SET2CA.tmp
c:\windows\system32\SET2D1.tmp
c:\windows\system32\SET2D2.tmp
c:\windows\system32\SET2D3.tmp
c:\windows\system32\SET2D8.tmp
c:\windows\system32\SET2D9.tmp
c:\windows\system32\SET2DF.tmp
c:\windows\system32\SET2E0.tmp
c:\windows\system32\SET2E1.tmp
c:\windows\system32\SET2E3.tmp
c:\windows\system32\SET2E4.tmp
c:\windows\system32\SET2E6.tmp
c:\windows\system32\SET2E8.tmp
c:\windows\system32\SET2EE.tmp
c:\windows\system32\SET2F3.tmp
c:\windows\system32\SET2FA.tmp
c:\windows\system32\SET2FB.tmp
c:\windows\system32\SET2FC.tmp
c:\windows\system32\SET304.tmp
c:\windows\system32\SET305.tmp
c:\windows\system32\SET308.tmp
c:\windows\system32\SET30D.tmp
c:\windows\system32\SET30F.tmp
c:\windows\system32\SET311.tmp
c:\windows\system32\SET316.tmp
c:\windows\system32\SET321.tmp
c:\windows\system32\SET323.tmp
c:\windows\system32\SET324.tmp
c:\windows\system32\SET326.tmp
c:\windows\system32\SET32C.tmp
c:\windows\system32\SET32F.tmp
c:\windows\system32\SET330.tmp
c:\windows\system32\SET337.tmp
c:\windows\system32\SET33B.tmp
c:\windows\system32\SET33C.tmp
c:\windows\system32\SET33F.tmp
c:\windows\system32\SET341.tmp
c:\windows\system32\SET342.tmp
c:\windows\system32\SET344.tmp
c:\windows\system32\SET345.tmp
c:\windows\system32\SET347.tmp
c:\windows\system32\SET348.tmp
c:\windows\system32\SET34A.tmp
c:\windows\system32\SET34D.tmp
c:\windows\system32\SET34F.tmp
c:\windows\system32\SET350.tmp
c:\windows\system32\SET354.tmp
c:\windows\system32\SET355.tmp
c:\windows\system32\SET357.tmp
c:\windows\system32\SET35D.tmp
c:\windows\system32\SET35E.tmp
c:\windows\system32\SET361.tmp
c:\windows\system32\SET364.tmp
c:\windows\system32\SET366.tmp
c:\windows\system32\SET36C.tmp
c:\windows\system32\SET370.tmp
c:\windows\system32\SET375.tmp
c:\windows\system32\SET377.tmp
c:\windows\system32\SET37C.tmp
c:\windows\system32\SET37D.tmp
c:\windows\system32\SET37E.tmp
c:\windows\system32\SET382.tmp
c:\windows\system32\SET387.tmp
c:\windows\system32\SET38B.tmp
c:\windows\system32\SET38D.tmp
c:\windows\system32\SET391.tmp
c:\windows\system32\SET393.tmp
c:\windows\system32\SET394.tmp
c:\windows\system32\SET395.tmp
c:\windows\system32\SET398.tmp
c:\windows\system32\SET39D.tmp
c:\windows\system32\SET3A2.tmp
c:\windows\system32\SET3A3.tmp
c:\windows\system32\SET3AA.tmp
c:\windows\system32\SET3B0.tmp
c:\windows\system32\SET3B1.tmp
c:\windows\system32\SET3C3.tmp
c:\windows\system32\SET3C8.tmp
c:\windows\system32\SET3CA.tmp
c:\windows\system32\SET3D1.tmp
c:\windows\system32\SET3D4.tmp
c:\windows\system32\SET3D5.tmp
c:\windows\system32\SET3D6.tmp
c:\windows\system32\SET3D9.tmp
c:\windows\system32\SET3DA.tmp
c:\windows\system32\SET3DE.tmp
c:\windows\system32\SET3E0.tmp
c:\windows\system32\SET3E4.tmp
c:\windows\system32\SET3E6.tmp
c:\windows\system32\SET3E7.tmp
c:\windows\system32\SET3EE.tmp
c:\windows\system32\SET3F4.tmp
c:\windows\system32\SET3F5.tmp
c:\windows\system32\SET407.tmp
c:\windows\system32\SET40C.tmp
c:\windows\system32\SET40E.tmp
c:\windows\system32\SET415.tmp
c:\windows\system32\SET419.tmp
c:\windows\system32\SET41E.tmp
c:\windows\system32\SET422.tmp
c:\windows\system32\SET428.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-03 23:04 . 2012-03-03 23:04 -------- d-----w- c:\documents and settings\Wally\Application Data\SUPERAntiSpyware.com
2012-02-29 21:33 . 2010-02-16 12:39 2016768 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-02-29 20:45 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-02-26 03:06 . 2004-08-10 11:00 71040 ------w- c:\windows\system32\drivers\_006500_.tmp.dll
2012-02-25 23:38 . 2004-08-10 11:00 71040 ------w- c:\windows\system32\drivers\_006501_.tmp.dll
2012-02-25 16:16 . 2012-02-25 16:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-02-25 16:15 . 2012-02-25 16:16 -------- d-----w- c:\program files\SUPERAntiSpyware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2009-05-08 14:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2003-08-27 18:19 . 2005-05-15 12:59 36963 ------w- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-03 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"OmniPage"="c:\program files\Caere\OmniPagePro90\opware32.exe" [1998-10-12 44032]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\McUpdate.exe" [2006-01-11 212992]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 1470464]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-10-08 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-10-08 53248]
"MCAgentExe"="c:\progra~1\McAfee.com\Agent\McAgent.exe" [2005-09-22 303104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
.
c:\documents and settings\Wally\Start Menu\Programs\Startup\
PictureProject In Touch.lnk - c:\program files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-3-21 8384512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-12-27 156784]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-25 789008]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 17:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [9/13/2010 3:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [1/23/2011 4:46 PM 64512]
R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [1/28/2012 1:31 PM 28552]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [9/7/2010 3:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [11/9/2010 10:20 PM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [11/28/2011 7:05 AM 286736]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 9:44 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 9:44 AM 497280]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 5:54 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 5:54 AM 185640]
S2 gupdate1c9fbdf1dbb28c4;Google Update Service (gupdate1c9fbdf1dbb28c4);c:\program files\Google\Update\GoogleUpdate.exe [7/3/2009 8:06 AM 133104]
S2 mrtRate;mrtRate; [x]
S3 72555653;72555653; [x]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [8/19/2010 8:42 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [8/19/2010 8:42 PM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [8/19/2010 8:42 PM 16720]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/3/2009 8:06 AM 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 2:25 PM 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/18/2011 2:25 PM 15232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-16 18:39]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 13:06]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 13:06]
.
2004-12-30 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-10 11:00]
.
2005-10-01 c:\windows\Tasks\Quicken 2004.job
- c:\progra~1\Quicken\qw.exe [2005-06-29 11:39]
.
2009-12-08 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-03-07 23:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/index.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com
Trusted Zone: rei.com\fp
Trusted Zone: musicmatch.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-PhotoShow Deluxe Media Manager - c:\progra~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
HKCU-Run-myweather - c:\program files\MyFreeWeather\myweather.exe
HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-ISW - (no file)
HKLM-Run-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
HKLM-Run-NWEReboot - (no file)
HKLM-Run-HP Software Update - c:\program files\Hp\HP Software Update\HPWuSchd2.exe
HKLM-Run-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
HKLM-Run-VirusScan Online - c:\program files\McAfee.com\VSO\mcvsshld.exe
HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
HKLM-Run-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
HKLM-Run-MPSExe - c:\progra~1\mcafee.com\mps\mscifapp.exe
HKLM-Run-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
Notify-dimsntfy - (no file)
AddRemove-{af3a4f65-267f-4774-a676-8204722d2456} - c:\windows\system32\rk.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-04 13:24
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3199696432-1743423638-2121630872-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1020)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(1948)
c:\windows\system32\WININET.dll
c:\program files\Caere\OmniPagePro90\ophook32.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Java\j2re1.4.2_03\bin\jucheck.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-03-04 13:31:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-04 18:31
.
Pre-Run: 100,845,518,848 bytes free
Post-Run: 105,427,128,320 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut
[spybotsd]
timeout.old=30
.
- - End Of File - - 9C6EF8D0F2C22A3E1A9D4923D18B5DCD

#6 gringo_pr

Malware Response Team

Posted 04 March 2012 - 04:22 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 CPUisill


Posted 04 March 2012 - 06:20 PM

Gringo,

TDSSKiller ran fine until it was time to save the log, and then the system crashed with a Driver_IRQL error. I found several TDSS logs, and they are posted below. Downloaded aswMBR.exe and the extra definitions. The scan started, then crashed minutes later. Had three Driver_IRQL errors. Then a physical memory dump blue screen error: 0x00008086 (0x00000000, 0x00000000, 0x00000000, 0x00000000). After each reboot no more CHKDSK runs, but each time I tried running aswMBR the crashes were sooner and sooner. The log was so long I had to shorten it. What's next?

09:13:40.0531 1004 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
09:13:42.0531 1004 ============================================================
09:13:42.0531 1004 Current date / time: 2011/12/05 09:13:42.0531
09:13:42.0531 1004 SystemInfo:
09:13:42.0531 1004
09:13:42.0531 1004 OS Version: 5.1.2600 ServicePack: 2.0
09:13:42.0531 1004 Product type: Workstation
09:13:42.0531 1004 ComputerName: DFZZLF61
09:13:42.0531 1004 UserName: Administrator
09:13:42.0531 1004 Windows directory: C:\WINDOWS
09:13:42.0531 1004 System windows directory: C:\WINDOWS
09:13:42.0531 1004 Processor architecture: Intel x86
09:13:42.0531 1004 Number of processors: 2
09:13:42.0531 1004 Page size: 0x1000
09:13:42.0531 1004 Boot type: Safe boot with network
09:13:42.0531 1004 ============================================================
09:13:42.0968 1004 Initialize success
09:16:58.0953 2032 ============================================================
09:16:58.0953 2032 Scan started
09:16:58.0953 2032 Mode: Manual;
09:16:58.0953 2032 ============================================================
09:17:02.0093 2032 drmkaud - ok
09:17:02.0140 2032 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
09:17:02.0140 2032 drvmcdb - ok
09:17:02.0171 2032 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
09:17:02.0187 2032 drvnddm - ok
09:17:02.0218 2032 DVDVRRdr_xp (47cbf30c2e818ce0fd799b10fc6a3265) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
09:17:02.0218 2032 DVDVRRdr_xp - ok
09:17:02.0250 2032 dvd_2K (97b7214d73c339f426cc6482a39bbe05) C:\WINDOWS\system32\drivers\dvd_2K.sys
09:17:02.0250 2032 dvd_2K - ok
09:17:02.0281 2032 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:17:02.0296 2032 E100B - ok
09:17:02.0390 2032 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
09:17:02.0390 2032 Fastfat - ok
09:17:02.0437 2032 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:17:02.0437 2032 Fdc - ok
09:17:02.0468 2032 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
09:17:02.0468 2032 Fips - ok
09:17:02.0515 2032 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:17:02.0515 2032 Flpydisk - ok
09:17:02.0546 2032 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:17:02.0546 2032 FltMgr - ok
09:17:02.0593 2032 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:17:02.0593 2032 Fs_Rec - ok
09:17:02.0609 2032 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:17:02.0609 2032 Ftdisk - ok
09:17:02.0671 2032 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:17:02.0687 2032 GEARAspiWDM - ok
09:17:02.0703 2032 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:17:02.0703 2032 Gpc - ok
09:17:02.0812 2032 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:17:02.0812 2032 HidUsb - ok
09:17:02.0843 2032 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:17:02.0843 2032 hpn - ok
09:17:02.0906 2032 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
09:17:02.0906 2032 HTTP - ok
09:17:02.0953 2032 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:17:02.0968 2032 i2omgmt - ok
09:17:02.0984 2032 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:17:02.0984 2032 i2omp - ok
09:17:03.0015 2032 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:17:03.0015 2032 i8042prt - ok
09:17:03.0062 2032 iaStor (f26bfd48b1c314e0f23bf77acfa75940) C:\WINDOWS\system32\drivers\iaStor.sys
09:17:03.0062 2032 iaStor - ok
09:17:03.0140 2032 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:17:03.0140 2032 Imapi - ok
09:17:03.0171 2032 incdrm (195a22bc8674090ccce5c3e2b7d96aca) C:\WINDOWS\system32\drivers\incdrm.sys
09:17:03.0171 2032 incdrm - ok
09:17:03.0218 2032 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:17:03.0218 2032 ini910u - ok
09:17:03.0296 2032 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
09:17:03.0343 2032 IntelC51 - ok
09:17:03.0390 2032 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
09:17:03.0406 2032 IntelC52 - ok
09:17:03.0437 2032 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
09:17:03.0437 2032 IntelC53 - ok
09:17:03.0453 2032 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:17:03.0453 2032 IntelIde - ok
09:17:03.0484 2032 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:17:03.0484 2032 intelppm - ok
09:17:03.0531 2032 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:17:03.0531 2032 Ip6Fw - ok
09:17:03.0546 2032 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:17:03.0546 2032 IpFilterDriver - ok
09:17:03.0578 2032 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:17:03.0578 2032 IpInIp - ok
09:17:03.0625 2032 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:17:03.0640 2032 IpNat - ok
09:17:03.0671 2032 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:17:03.0671 2032 IPSec - ok
09:17:03.0703 2032 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:17:03.0718 2032 IRENUM - ok
09:17:03.0765 2032 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:17:03.0765 2032 isapnp - ok
09:17:03.0828 2032 ISWKL (08a811bfd207dfdec588881c18bacbaa) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
09:17:03.0828 2032 ISWKL - ok
09:17:03.0890 2032 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:17:03.0890 2032 Kbdclass - ok
09:17:03.0937 2032 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:17:03.0937 2032 kbdhid - ok
09:17:03.0984 2032 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
09:17:04.0000 2032 kmixer - ok
09:17:04.0031 2032 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
09:17:04.0046 2032 KSecDD - ok
09:17:04.0078 2032 L8042Kbd (f3a17f3fd54ca73c0bcbcc3fe0c47e13) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
09:17:04.0078 2032 L8042Kbd - ok
09:17:04.0093 2032 L8042mou (dba4170da935937a9d8aca5b09df0845) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
09:17:04.0109 2032 L8042mou - ok
09:17:04.0234 2032 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
09:17:04.0234 2032 Lavasoft Kernexplorer - ok
09:17:04.0296 2032 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
09:17:04.0296 2032 Lbd - ok
09:17:04.0312 2032 lbrtfdc - ok
09:17:04.0375 2032 LHidFilt (23d84187822a0020b9f1ea71c7db3193) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
09:17:04.0375 2032 LHidFilt - ok
09:17:04.0437 2032 LMouFilt (596499c81cb4b5841f91cfe3f514d202) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
09:17:04.0437 2032 LMouFilt - ok
09:17:04.0468 2032 LMouKE (ec7ac2fb252b0854daabbe3d21da6660) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
09:17:04.0484 2032 LMouKE - ok
09:17:04.0500 2032 MBAMSwissArmy - ok
09:17:04.0625 2032 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
09:17:04.0625 2032 MHNDRV - ok
09:17:04.0671 2032 mmc_2K (6017c2ef198df24f2fbdc5e2647356c2) C:\WINDOWS\system32\drivers\mmc_2K.sys
09:17:04.0671 2032 mmc_2K - ok
09:17:04.0687 2032 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:17:04.0687 2032 mnmdd - ok
09:17:04.0734 2032 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
09:17:04.0734 2032 Modem - ok
09:17:04.0750 2032 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
09:17:04.0765 2032 MODEMCSA - ok
09:17:04.0796 2032 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
09:17:04.0796 2032 mohfilt - ok
09:17:04.0843 2032 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:17:04.0843 2032 Mouclass - ok
09:17:04.0859 2032 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:17:04.0859 2032 mouhid - ok
09:17:04.0890 2032 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
09:17:04.0890 2032 MountMgr - ok
09:17:04.0906 2032 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:17:04.0906 2032 mraid35x - ok
09:17:04.0937 2032 mrtRate - ok
09:17:04.0968 2032 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:17:04.0984 2032 MRxDAV - ok
09:17:05.0031 2032 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:17:05.0062 2032 MRxSmb - ok
09:17:05.0093 2032 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
09:17:05.0093 2032 Msfs - ok
09:17:05.0140 2032 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:17:05.0140 2032 MSKSSRV - ok
09:17:05.0156 2032 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:17:05.0171 2032 MSPCLOCK - ok
09:17:05.0187 2032 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
09:17:05.0203 2032 MSPQM - ok
09:17:05.0234 2032 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:17:05.0234 2032 mssmbios - ok
09:17:05.0250 2032 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
09:17:05.0250 2032 Mup - ok
09:17:05.0265 2032 NaiAvFilter1 - ok
09:17:05.0312 2032 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
09:17:05.0312 2032 NDIS - ok
09:17:05.0375 2032 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:17:05.0375 2032 NdisTapi - ok
09:17:05.0390 2032 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:17:05.0390 2032 Ndisuio - ok
09:17:05.0406 2032 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:17:05.0421 2032 NdisWan - ok
09:17:05.0453 2032 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
09:17:05.0453 2032 NDProxy - ok
09:17:05.0468 2032 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:17:05.0468 2032 NetBIOS - ok
09:17:05.0500 2032 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:17:05.0500 2032 NetBT - ok
09:17:05.0593 2032 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
09:17:05.0593 2032 Npfs - ok
09:17:05.0640 2032 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
09:17:05.0656 2032 Ntfs - ok
09:17:05.0687 2032 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:17:05.0687 2032 Null - ok
09:17:05.0781 2032 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:17:05.0828 2032 nv - ok
09:17:05.0859 2032 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:17:05.0859 2032 NwlnkFlt - ok
09:17:05.0890 2032 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:17:05.0890 2032 NwlnkFwd - ok
09:17:05.0921 2032 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys
09:17:05.0937 2032 omci - ok
09:17:06.0000 2032 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
09:17:06.0000 2032 Parport - ok
09:17:06.0015 2032 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
09:17:06.0015 2032 PartMgr - ok
09:17:06.0062 2032 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:17:06.0062 2032 ParVdm - ok
09:17:06.0078 2032 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
09:17:06.0078 2032 PCI - ok
09:17:06.0109 2032 PCIDump - ok
09:17:06.0125 2032 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:17:06.0125 2032 PCIIde - ok
09:17:06.0171 2032 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:17:06.0171 2032 Pcmcia - ok
09:17:06.0187 2032 PDCOMP - ok
09:17:06.0218 2032 PDFRAME - ok
09:17:06.0250 2032 PDRELI - ok
09:17:06.0265 2032 PDRFRAME - ok
09:17:06.0312 2032 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:17:06.0312 2032 perc2 - ok
09:17:06.0343 2032 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:17:06.0343 2032 perc2hib - ok
09:17:06.0453 2032 pfc (2748103d03cb1dc0b07635c25d508208) C:\WINDOWS\system32\drivers\pfc.sys
09:17:06.0468 2032 pfc - ok
09:17:06.0515 2032 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:17:06.0515 2032 PptpMiniport - ok
09:17:06.0546 2032 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
09:17:06.0562 2032 PSched - ok
09:17:06.0578 2032 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:17:06.0578 2032 Ptilink - ok
09:17:06.0609 2032 pwd_2k (0918db45ac03dc3b20703e445f75169d) C:\WINDOWS\system32\drivers\pwd_2k.sys
09:17:06.0625 2032 pwd_2k - ok
09:17:06.0656 2032 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:17:06.0656 2032 PxHelp20 - ok
09:17:06.0671 2032 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:17:06.0671 2032 ql1080 - ok
09:17:06.0703 2032 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:17:06.0703 2032 Ql10wnt - ok
09:17:06.0734 2032 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:17:06.0734 2032 ql12160 - ok
09:17:06.0765 2032 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:17:06.0765 2032 ql1240 - ok
09:17:06.0781 2032 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:17:06.0796 2032 ql1280 - ok
09:17:06.0812 2032 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:17:06.0812 2032 RasAcd - ok
09:17:06.0875 2032 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:17:06.0875 2032 Rasl2tp - ok
09:17:06.0906 2032 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:17:06.0906 2032 RasPppoe - ok
09:17:06.0937 2032 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:17:06.0937 2032 Raspti - ok
09:17:07.0000 2032 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:17:07.0000 2032 Rdbss - ok
09:17:07.0015 2032 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:17:07.0015 2032 RDPCDD - ok
09:17:07.0078 2032 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:17:07.0078 2032 rdpdr - ok
09:17:07.0140 2032 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
09:17:07.0140 2032 RDPWD - ok
09:17:07.0187 2032 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:17:07.0187 2032 redbook - ok
09:17:07.0375 2032 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\System Fix Killer 2\SuperA\SASDIFSV.SYS
09:17:07.0375 2032 SASDIFSV - ok
09:17:07.0390 2032 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\System Fix Killer 2\SuperA\SASKUTIL.SYS
09:17:07.0390 2032 SASKUTIL - ok
09:17:07.0468 2032 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:17:07.0468 2032 Secdrv - ok
09:17:07.0531 2032 senfilt (9a4c4a4b191200f12085d188be70e4e3) C:\WINDOWS\system32\drivers\senfilt.sys
09:17:07.0531 2032 senfilt - ok
09:17:07.0562 2032 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:17:07.0578 2032 serenum - ok
09:17:07.0593 2032 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
09:17:07.0593 2032 Serial - ok
09:17:07.0656 2032 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:17:07.0656 2032 Sfloppy - ok
09:17:07.0703 2032 Simbad - ok
09:17:07.0734 2032 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:17:07.0734 2032 sisagp - ok
09:17:07.0781 2032 smwdm (479533bacc58b1edf916855bcd139556) C:\WINDOWS\system32\drivers\smwdm.sys
09:17:07.0796 2032 smwdm - ok
09:17:07.0812 2032 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:17:07.0812 2032 Sparrow - ok
09:17:07.0859 2032 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
09:17:07.0859 2032 splitter - ok
09:17:07.0906 2032 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
09:17:07.0906 2032 sr - ok
09:17:07.0968 2032 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
09:17:07.0968 2032 Srv - ok
09:17:07.0984 2032 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
09:17:08.0000 2032 sscdbhk5 - ok
09:17:08.0031 2032 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
09:17:08.0031 2032 ssrtln - ok
09:17:08.0078 2032 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:17:08.0078 2032 swenum - ok
09:17:08.0125 2032 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
09:17:08.0125 2032 swmidi - ok
09:17:08.0156 2032 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:17:08.0156 2032 symc810 - ok
09:17:08.0187 2032 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:17:08.0187 2032 symc8xx - ok
09:17:08.0203 2032 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:17:08.0218 2032 sym_hi - ok
09:17:08.0234 2032 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:17:08.0234 2032 sym_u3 - ok
09:17:08.0296 2032 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
09:17:08.0296 2032 sysaudio - ok
09:17:08.0375 2032 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:17:08.0390 2032 Tcpip - ok
09:17:08.0421 2032 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:17:08.0437 2032 TDPIPE - ok
09:17:08.0453 2032 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
09:17:08.0453 2032 TDTCP - ok
09:17:08.0500 2032 Teefer (99336d4da97b4eeaafab46a4f8e512e6) C:\WINDOWS\system32\Drivers\Teefer.sys
09:17:08.0500 2032 Teefer - ok
09:17:08.0531 2032 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:17:08.0531 2032 TermDD - ok
09:17:08.0593 2032 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
09:17:08.0593 2032 tfsnboio - ok
09:17:08.0609 2032 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
09:17:08.0625 2032 tfsncofs - ok
09:17:08.0640 2032 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
09:17:08.0640 2032 tfsndrct - ok
09:17:08.0703 2032 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
09:17:08.0703 2032 tfsndres - ok
09:17:08.0718 2032 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
09:17:08.0718 2032 tfsnifs - ok
09:17:08.0750 2032 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
09:17:08.0750 2032 tfsnopio - ok
09:17:08.0765 2032 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
09:17:08.0765 2032 tfsnpool - ok
09:17:08.0796 2032 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
09:17:08.0796 2032 tfsnudf - ok
09:17:08.0828 2032 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
09:17:08.0828 2032 tfsnudfa - ok
09:17:08.0890 2032 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:17:08.0890 2032 TosIde - ok
09:17:08.0953 2032 UDFReadr (e6bc5b364df5696b7888545b54a56ab7) C:\WINDOWS\system32\drivers\UDFReadr.sys
09:17:08.0953 2032 UDFReadr - ok
09:17:08.0984 2032 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
09:17:08.0984 2032 Udfs - ok
09:17:09.0015 2032 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:17:09.0015 2032 ultra - ok
09:17:09.0093 2032 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
09:17:09.0093 2032 Update - ok
09:17:09.0171 2032 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:17:09.0171 2032 usbccgp - ok
09:17:09.0218 2032 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:17:09.0218 2032 usbehci - ok
09:17:09.0250 2032 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:17:09.0250 2032 usbhub - ok
09:17:09.0296 2032 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:17:09.0296 2032 usbprint - ok
09:17:09.0359 2032 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:17:09.0359 2032 usbscan - ok
09:17:09.0406 2032 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:17:09.0406 2032 USBSTOR - ok
09:17:09.0437 2032 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:17:09.0437 2032 usbuhci - ok
09:17:09.0453 2032 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
09:17:09.0468 2032 VgaSave - ok
09:17:09.0484 2032 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:17:09.0500 2032 viaagp - ok
09:17:09.0515 2032 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:17:09.0515 2032 ViaIde - ok
09:17:09.0531 2032 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
09:17:09.0531 2032 VolSnap - ok
09:17:09.0578 2032 vsdatant (558cee3d9c470651f1843d51b42d761b) C:\WINDOWS\system32\vsdatant.sys
09:17:09.0609 2032 vsdatant - ok
09:17:09.0687 2032 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:17:09.0687 2032 Wanarp - ok
09:17:09.0734 2032 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
09:17:09.0750 2032 wanatw - ok
09:17:09.0796 2032 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:17:09.0796 2032 Wdf01000 - ok
09:17:09.0812 2032 WDICA - ok
09:17:09.0859 2032 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
09:17:09.0875 2032 wdmaud - ok
09:17:09.0937 2032 wg3n (a67340b874df9eaf5b226e5f3473b9da) C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
09:17:09.0937 2032 wg3n - ok
09:17:09.0968 2032 wg4n (851216e2816b7b7e74b5f7ef1d4acfb7) C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys
09:17:09.0968 2032 wg4n - ok
09:17:10.0000 2032 wg5n (aedd1fe0df660411d15da3c57cfc2402) C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys
09:17:10.0000 2032 wg5n - ok
09:17:10.0046 2032 wg6n (dd0d719a58df79086462bd5fc972a908) C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys
09:17:10.0046 2032 wg6n - ok
09:17:10.0187 2032 wpsdrvnt (93c145dceb13156322423efd62d4549a) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
09:17:10.0187 2032 wpsdrvnt - ok
09:17:10.0234 2032 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:17:10.0234 2032 WS2IFSL - ok
09:17:10.0328 2032 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
09:17:10.0343 2032 \Device\Harddisk0\DR0 - ok
09:17:10.0359 2032 Boot (0x1200) (685a9299591b47281bfed14981f7fe54) \Device\Harddisk0\DR0\Partition0
09:17:10.0359 2032 \Device\Harddisk0\DR0\Partition0 - ok
09:17:10.0359 2032 ============================================================
09:17:10.0359 2032 Scan finished
09:17:10.0359 2032 ============================================================
09:17:10.0406 1500 Detected object count: 0
09:17:10.0406 1500 Actual detected object count: 0
09:17:41.0843 0676 ============================================================
09:17:41.0843 0676 Scan started
09:17:41.0843 0676 Mode: Manual;
09:17:41.0843 0676 ============================================================

#8 gringo_pr

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 March 2012 - 08:26 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 CPUisill


Posted 05 March 2012 - 07:41 PM

Gringo,

You sent me no link to, Run CFScript:

Thank you

#10 gringo_pr


Posted 05 March 2012 - 07:51 PM

Hello

There is no link.

Start where it says "open notepad".



gringo

#11 CPUisill


Posted 05 March 2012 - 09:43 PM

Gringo,

No problems.


ComboFix 12-03-04.01 - Wally 03/05/2012 21:21:09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.514 [GMT -5:00]
Running from: c:\documents and settings\Wally\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wally\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-03 23:04 . 2012-03-03 23:04 -------- d-----w- c:\documents and settings\Wally\Application Data\SUPERAntiSpyware.com
2012-02-29 21:33 . 2010-02-16 12:39 2016768 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-02-29 20:45 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-02-26 03:06 . 2004-08-10 11:00 71040 ------w- c:\windows\system32\drivers\_006500_.tmp.dll
2012-02-25 23:38 . 2004-08-10 11:00 71040 ------w- c:\windows\system32\drivers\_006501_.tmp.dll
2012-02-25 16:16 . 2012-02-25 16:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-02-25 16:15 . 2012-02-25 16:16 -------- d-----w- c:\program files\SUPERAntiSpyware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2009-05-08 14:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2003-08-27 18:19 . 2005-05-15 12:59 36963 ------w- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-04_18.23.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-06 02:07 . 2012-03-06 02:07 16384 c:\windows\Temp\Perflib_Perfdata_e84.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 55824]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"OmniPage"="c:\program files\Caere\OmniPagePro90\opware32.exe" [1998-10-12 44032]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\McUpdate.exe" [2006-01-11 212992]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 1470464]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-10-08 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-10-08 53248]
"MCAgentExe"="c:\progra~1\McAfee.com\Agent\McAgent.exe" [2005-09-22 303104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
.
c:\documents and settings\Wally\Start Menu\Programs\Startup\
PictureProject In Touch.lnk - c:\program files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-3-21 8384512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-12-27 156784]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-2-25 789008]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 17:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [9/13/2010 3:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [1/23/2011 4:46 PM 64512]
R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [1/28/2012 1:31 PM 28552]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [9/7/2010 3:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [11/9/2010 10:20 PM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [11/28/2011 7:05 AM 286736]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 9:44 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 9:44 AM 497280]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 5:54 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 5:54 AM 185640]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
S2 gupdate1c9fbdf1dbb28c4;Google Update Service (gupdate1c9fbdf1dbb28c4);c:\program files\Google\Update\GoogleUpdate.exe [7/3/2009 8:06 AM 133104]
S2 mrtRate;mrtRate; [x]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
S3 72555653;72555653; [x]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [8/19/2010 8:42 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [8/19/2010 8:42 PM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [8/19/2010 8:42 PM 16720]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/3/2009 8:06 AM 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 2:25 PM 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/18/2011 2:25 PM 15232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-16 18:39]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 13:06]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 13:06]
.
2004-12-30 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-10 11:00]
.
2005-10-01 c:\windows\Tasks\Quicken 2004.job
- c:\progra~1\Quicken\qw.exe [2005-06-29 11:39]
.
2009-12-08 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-03-07 23:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/index.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com
Trusted Zone: rei.com\fp
Trusted Zone: musicmatch.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} - hxxps://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} - hxxps://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
DPF: {49EC7987-E331-44E3-B170-748B58A268B9} - hxxps://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} - hxxps://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-05 21:36
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3199696432-1743423638-2121630872-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1020)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(4076)
c:\windows\system32\WININET.dll
c:\program files\Caere\OmniPagePro90\ophook32.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-03-05 21:39:55
ComboFix-quarantined-files.txt 2012-03-06 02:39
ComboFix2.txt 2012-03-04 18:31
.
Pre-Run: 105,083,478,016 bytes free
Post-Run: 105,214,660,608 bytes free
.
- - End Of File - - 8009ECEB8DA0DE0AE81150726F75E44E

#12 gringo_pr

  • Malware Response Team

Posted 06 March 2012 - 09:19 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer; their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

Adobe Reader 9.4.6
Internet Explorer Default Page
J2SE Runtime Environment 5.0
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 21
My Way Search Assistant
RelevantKnowledge
Viewpoint Media Player (Remove Only)
ZoneAlarm Toolbar


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 CPUisill

  • Topic Starter

Posted 07 March 2012 - 06:51 PM

Gringo,

Before I proceed to TFC(Temp File Cleaner), I have a problem with Windows Installer.

Regarding P2P (Person to Person) File Sharing Programs: I haven't used programs like these in years and I am open to deleting them from my system.

Running Revo I got the following error message.

Windows Installer:
The windows installer service could not be accessed.
This can occur if you are running windows in safemode,
or if the windows installer is not correctly installed.
Contact your support personnel for assistance. ok.

I'm running in regular mode so the windows installer is not correctly installed.
This problem is affecting downloads from Java and Adobe Reader.
During each download the same (windows installer) error message popped up and the software did not download.

The following I could not find to delete in Revo.

Internet Explorer Default Page
My Way Search Assistant
Relevant Knowledge

Thank you

#14 gringo_pr

  • Malware Response Team

Posted 07 March 2012 - 08:42 PM

Hello


Try this and see if it fixes things - http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=8483

#15 CPUisill

  • Topic Starter

Posted 09 March 2012 - 08:52 PM

Gringo,

Malwarebytes log and Hijack this log.
After running Malwarebytes I got this message.
Malwarebytes Anti-malware: mbam.exe - application error,
The instruction at 0x10002737 referenced memory at 0x00000000.
The memory could not be "read". Click OK to terminate the program. OK
No other errors. System seems to be running fine. Thank you.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.09.09

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Wally :: DFZZLF61 [administrator]

3/9/2012 8:17:15 PM
mbam-log-2012-03-09 (20-17-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217180
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:35:56 PM, on 3/9/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\Install\{6FCA9F5F-08FD-44E9-8C34-90938B4C9F4D}\chrome_updater.exe
C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\CR_B5DF3.tmp\setup.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PictureProject In Touch.lnk = C:\Program Files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: http://fp.rei.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} (OPSWAT AntiViruses Class) - https://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} (OPSWAT FireWalls Class) - https://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\Wally\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} (OPSWAT ProcessesScanner Class) - https://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://fp.rei.com/vdesk/terminal/f5InspectionHost.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1330189193296
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} (F5 Networks OPSWAT Helper Control) - https://fp.rei.com/vdesk/terminal/f5opswati.cab#Version=7001,2010,728,2351
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9fbdf1dbb28c4) (gupdate1c9fbdf1dbb28c4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\sprtsvc.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\tgsrvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15677 bytes



