Help with possible iexplore.exe virus??


20 replies to this topic

#1 edisblest

  • Members
  • 20 posts

Posted 03 April 2012 - 09:36 AM

I have multiple iexplore.exe programs running in Task Manager and random commercial audio ads playing in the background of my computer, even when there are no windows open. I have run Malwarebytes, SuperAntispyware and SpyBot S&D, all in regular and Safe Mode, several times, with no results. Also, the iexplore.exe processes are running without explorer being open. When I do open Explorer, I get random windows pop open from time to time that are mostly ads. Lastly, when explorer is open and I open another window, the tabs change colors, from regular light blue, to green or dark blue, which is new. I am using Windows XP Home Edition. Can someone advise?
Thank you,

P.S. I tried to use GMER, but each time during scanning, my computer would reboot on its own.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 10:28:20 on 2012-04-03
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\WINDOWS\system32\2eQUn6C.com
C:\WINDOWS\system32\2eQUn6C.com
C:\WINDOWS\system32\2EQUN6~1.COM
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://srch-us5.hpwis.com/
uDefault_Page_URL = hxxp://www.aol.com/?ncid=customie8
uDefault_Search_URL = hxxp://srch-us5.hpwis.com/
uWindow Title = Windows Internet Explorer provided by AOL
mSearch Bar = hxxp://srch-us5.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;localhost
mSearchAssistant = hxxp://srch-us5.hpwis.com/
mCustomizeSearch = hxxp://srch-us5.hpwis.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {17A27031-71FC-11d4-815C-005004D0F1FA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\ZKLSPR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CB2CEECD-E467-4644-B6FD-F820C758B664} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R? cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester
R? osppsvc;Office Software Protection Platform
R? trid3d;trid3d
S? !SASCORE;SAS Core Service
S? cvhsvc;Client Virtualization Handler
S? ioloSystemService;iolo System Service
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-04-03 14:25:53 -------- d-----w- c:\program files\Cobian Backup 8
2012-04-03 14:19:16 -------- d-----w- c:\program files\Cobian Backup 11
2012-04-03 05:03:03 99328 ----a-w- c:\windows\system32\2eQUn6C.com
2012-04-02 19:54:00 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-04-02 19:53:54 -------- d-----w- c:\program files\Trend Micro
2012-04-02 17:03:14 99328 ----a-w- c:\windows\system32\2eQUn6C.com_
2012-04-01 02:36:33 -------- d-----w- c:\program files\CCleaner
2012-04-01 02:31:43 -------- dc----w- c:\documents and settings\all users\application data\SUPERSetup
2012-04-01 02:12:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-04-01 02:12:45 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-01 02:11:16 -------- d-----w- c:\documents and settings\owner\.frostwire5
2012-04-01 02:09:59 -------- d-----w- c:\program files\NETGEAR
2012-04-01 01:50:14 -------- d-----w- c:\program files\NETGEAR(2)
2012-03-31 04:01:07 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2012-03-31 03:54:29 -------- dc----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-03-31 03:54:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-31 03:47:47 -------- dc----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-03-31 03:47:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-31 03:22:22 -------- d-----w- c:\windows\pss
2012-03-30 01:03:03 99328 ----a-w- c:\windows\system32\2eQUn6C(3).com
2012-03-29 18:07:31 -------- d-----w- c:\documents and settings\owner\application data\TestApp
2012-03-12 16:13:18 -------- d-----w- c:\documents and settings\owner\local settings\application data\WorldWinner.com
2012-03-09 19:11:28 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-03-07 21:24:39 -------- dc----w- c:\documents and settings\all users\application data\VirtualizedApplications
2012-03-07 17:24:22 -------- d-----w- c:\documents and settings\owner\local settings\application data\SoftGrid Client
2012-03-07 17:24:09 -------- d-----w- c:\documents and settings\owner\application data\SoftGrid Client
2012-03-07 17:18:09 -------- dc----w- c:\documents and settings\all users\Microsoft
2012-03-07 17:18:09 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2012-03-07 17:16:50 -------- d-----w- c:\documents and settings\owner\application data\TP
2012-03-07 16:49:08 -------- d-----w- c:\windows\SHELLNEW
.
==================== Find3M ====================
.
2012-02-23 05:17:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-26 19:24:15 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-01-24 17:55:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-24 17:55:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-23 18:19:28 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-06 19:46:00 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 19:45:52 11776 ----a-w- c:\windows\system32\smrgdf.exe
2012-01-06 19:44:28 2084488 ----a-w- c:\windows\system32\Incinerator32.dll
2001-08-18 12:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12:01 57344 --sha-w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll
2010-12-20 17:32:15 551936 --sha-w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
============= FINISH: 10:31:27.45 ===============

Edited by edisblest, 03 April 2012 - 04:19 PM.
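The triage a helper does by eye on a DDS log like the one above, written out as an added example (not the poster's log tool or any BleepingComputer code): a small Python parser for the DDS "Running Processes" and "Created Last 30" sections that flags images running in several copies and images whose file was created inside the 30-day window. It runs over a constructed excerpt in the same layout; the section names and line format are taken from the DDS output, the excerpt is not the full log.

```python
"""Triage helper for a DDS log (added example): correlate 'Running Processes'
with 'Created Last 30' so that a freshly created executable that is already
running in several copies stands out."""
import re
from collections import Counter

# Constructed DDS-style excerpt (a few lines in the DDS layout, not the full log).
SAMPLE_DDS = r"""
DDS (Ver_2011-08-26.01) - NTFSx86
Run by Owner at 10:28:20 on 2012-04-03
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\2eQUn6C.com
C:\WINDOWS\system32\2eQUn6C.com
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
=============== Created Last 30 ================
.
2012-04-03 05:03:03 99328 ----a-w- c:\windows\system32\2eQUn6C.com
2012-04-01 02:36:33 -------- d-----w- c:\program files\CCleaner
2012-03-09 19:11:28 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
.
============= FINISH: 10:31:27.45 ===============
"""

# "====== Section Name ======" headers; "." lines are separators.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Image path up to its extension; anything after it (e.g. "-k netsvcs") is a command line.
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|pif|bat))(?:\s|$)", re.IGNORECASE)
# "<date> <time> <size or --------> <8 attribute flags> <path>"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) ([-a-z]{8}) (.+)$")


def split_sections(text):
    """Return {section name: [lines]} for a DDS log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def running_images(sections):
    """Lowercased image paths from 'Running Processes', command-line arguments dropped."""
    images = []
    for line in sections.get("Running Processes", []):
        m = IMAGE_RE.match(line)
        if m:
            images.append(m.group(1).lower())
    return images


def created_files(sections):
    """{lowercased path: (date, size)} for files (not directories) in 'Created Last 30'."""
    files = {}
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        date, _time, size, attrs, path = m.groups()
        if attrs[0] == "d":  # directory entry; only files are of interest here
            continue
        files[path.lower()] = (date, int(size) if size.isdigit() else None)
    return files


def triage(text, min_copies=2):
    """Flag images running in >= min_copies instances, and running images whose
    file appears in the 'Created Last 30' window (new file, already executing)."""
    sections = split_sections(text)
    counts = Counter(running_images(sections))
    recent = created_files(sections)
    multiple = {img: n for img, n in counts.items() if n >= min_copies}
    new_and_running = [
        {"image": img, "copies": n, "created": recent[img][0], "size": recent[img][1]}
        for img, n in counts.items()
        if img in recent
    ]
    return {"multiple_copies": multiple, "new_and_running": new_and_running}


if __name__ == "__main__":
    import json

    print(json.dumps(triage(SAMPLE_DDS), indent=2))
```

On the constructed excerpt the only image that is both new and running is the .com file in system32, with two copies; iexplore.exe is flagged for multiple copies but has no entry in the created-files window.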


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 April 2012 - 05:14 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 edisblest
  • Topic Starter

  • Members
  • 20 posts

Posted 04 April 2012 - 09:52 AM

Thank you for your help Gringo. Here is my Combofix log. I had no problems running Combofix. Random audio commercial ads are still coming on. I checked Task Manager: iexplore.exe has 4 processes running, one at 104k, one at 17k, one at 14k and one at 7k. Let me know your thoughts.
Thank you,


ComboFix 12-04-04.02 - Owner 04/04/2012 9:01.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.218 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\windows\explorer(2).exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\keep in touch with HP.htm
c:\windows\system32\linkinfo(3).dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-03 14:25 . 2012-04-03 14:26 -------- d-----w- c:\program files\Cobian Backup 8
2012-04-03 14:19 . 2012-04-03 14:19 -------- d-----w- c:\program files\Cobian Backup 11
2012-04-03 05:03 . 2012-03-29 13:06 99328 ----a-w- c:\windows\system32\2eQUn6C.com
2012-04-02 19:54 . 2012-04-02 19:54 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-02 19:53 . 2012-04-02 19:53 -------- d-----w- c:\program files\Trend Micro
2012-04-02 18:40 . 2012-04-02 18:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo
2012-04-01 02:36 . 2012-04-01 02:36 -------- d-----w- c:\program files\CCleaner
2012-04-01 02:31 . 2012-04-01 02:31 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2012-04-01 02:12 . 2012-04-01 02:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-01 02:11 . 2012-04-01 02:11 -------- d-----w- c:\documents and settings\Owner\.frostwire5
2012-04-01 02:09 . 2012-04-01 02:09 -------- d-----w- c:\program files\NETGEAR
2012-03-31 04:01 . 2012-03-31 04:01 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2012-03-31 03:54 . 2012-04-04 13:18 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-03-31 03:54 . 2012-04-02 00:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-31 03:47 . 2012-04-01 02:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-31 03:47 . 2012-03-31 03:47 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-31 03:43 . 2012-04-01 02:10 -------- dcs---w- c:\documents and settings\Administrator
2012-03-30 01:03 . 2012-03-29 13:06 99328 ----a-w- c:\windows\system32\2eQUn6C(3).com
2012-03-29 18:07 . 2012-03-29 18:07 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp
2012-03-29 14:06 . 2012-03-29 14:06 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-03-29 14:06 . 2012-04-03 21:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2012-03-12 16:13 . 2012-03-12 16:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WorldWinner.com
2012-03-09 19:11 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-03-07 21:24 . 2012-04-01 02:10 -------- dc----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications
2012-03-07 17:24 . 2012-03-07 17:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SoftGrid Client
2012-03-07 17:24 . 2012-04-03 17:57 -------- d-----w- c:\documents and settings\Owner\Application Data\SoftGrid Client
2012-03-07 17:23 . 2012-03-07 17:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\{90140011-0061-0409-0000-0000000FF1CE}
2012-03-07 17:22 . 2012-04-03 16:08 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
2012-03-07 17:19 . 2012-03-10 09:30 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\SoftGrid Client
2012-03-07 17:18 . 2012-03-09 09:12 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2012-03-07 17:18 . 2012-03-07 17:18 -------- dc----w- c:\documents and settings\All Users\Microsoft
2012-03-07 17:16 . 2012-03-07 17:25 -------- d-----w- c:\documents and settings\Owner\Application Data\TP
2012-03-07 16:49 . 2012-03-07 16:49 -------- d-----w- c:\windows\SHELLNEW
2012-03-07 16:46 . 2012-03-07 16:46 -------- dc----r- C:\MSOCache
2012-03-05 20:59 . 2012-03-09 09:06 -------- d-----w- c:\program files\Microsoft Works
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 05:17 . 2012-01-24 17:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2002-04-30 13:40 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-26 19:24 . 2012-01-26 19:24 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-01-24 17:55 . 2012-01-24 17:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-24 17:55 . 2012-01-24 17:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-23 18:19 . 2012-01-23 18:19 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-01-11 19:06 . 2012-02-23 19:00 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2002-04-30 13:38 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-06 19:46 . 2012-01-26 19:28 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 19:45 . 2012-01-26 19:28 11776 ----a-w- c:\windows\system32\smrgdf.exe
2012-01-06 19:44 . 2012-01-26 19:28 2084488 ----a-w- c:\windows\system32\Incinerator32.dll
2001-08-18 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sha-w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343040 --sha-w- c:\windows\system32\msvcrt.dll
2010-12-20 17:32 551936 --sha-w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"LTMSG"="LTMSG.exe 7" [X]
"S3apphk"="S3apphk.exe" [2002-03-16 28672]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-12-19 212992]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-13 36864]
"nwiz"="nwiz.exe" [2002-03-09 364544]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-03-12 155648]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-03-12 106496]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-03-14 102455]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2012-2-23 1268192]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoPlay.exe [2001-9-17 36864]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Owner\Application Data\iolo"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [1/4/2012 3:22 PM 822624]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/26/2012 2:28 PM 681656]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/24/2012 12:06 PM 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/24/2012 12:06 PM 20464]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2/23/2012 3:46 PM 272128]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 11:23 PM 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 11:23 PM 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 11:23 PM 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 11:23 PM 18280]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe --> c:\program files\Cobian Backup 11\cbVSCService11.exe [?]
S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [3/21/2002 12:35 AM 144860]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\At1.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At10.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At11.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At12.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At13.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At14.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At15.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At16.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-04 c:\windows\Tasks\At17.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-04 c:\windows\Tasks\At18.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At19.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At2.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At20.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At21.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At22.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-02 c:\windows\Tasks\At23.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-02 c:\windows\Tasks\At24.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At25.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At26.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At27.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At28.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At29.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At3.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At30.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-02 c:\windows\Tasks\At31.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-02 c:\windows\Tasks\At32.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At33.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At34.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-02 c:\windows\Tasks\At35.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-02 c:\windows\Tasks\At36.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-02 c:\windows\Tasks\At37.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-02 c:\windows\Tasks\At38.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At39.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At4.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At40.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At41.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At42.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At43.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At44.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At45.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At46.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At47.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At48.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At5.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At6.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At7.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
2012-04-03 c:\windows\Tasks\At8.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At9.job
- c:\windows\system32\2eQUn6C.com [2012-04-03 13:06]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://srch-us5.hpwis.com/
mSearch Bar = hxxp://srch-us5.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{17A27031-71FC-11d4-815C-005004D0F1FA}
LSP: c:\windows\System32\ZKLSPR.DLL
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-04 09:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,e6,47,d6,24,54,34,47,ac,3c,02,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,e6,47,d6,24,54,34,47,ac,3c,02,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1300)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1356)
c:\windows\System32\ZKLSPR.DLL
c:\windows\system32\sxlrt232.dll
.
Completion time: 2012-04-04 09:38:19
ComboFix-quarantined-files.txt 2012-04-04 14:38
.
Pre-Run: 24,668,385,280 bytes free
Post-Run: 24,797,175,808 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - DE8B8608BF46109FFD219199A608ECD5

Edited by edisblest, 04 April 2012 - 10:11 AM.


#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 April 2012 - 02:15 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 edisblest
  • Topic Starter

  • Members
  • 20 posts

Posted 04 April 2012 - 04:04 PM

Gringo,

Here are the logs you requested... and just so that you are aware, I am still having the same issues, which are "multiple iexplore.exe programs running in Task Manager and random commercial audio ads playing in the background of my computer, even when there are no windows open. Also, the iexplore.exe processes are running without explorer being open. When I do open Explorer, I get random windows pop open from time to time that are mostly ads." Thank you for your help!

14:34:21.0203 3408 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
14:34:22.0734 3408 ============================================================
14:34:22.0734 3408 Current date / time: 2012/04/04 14:34:22.0734
14:34:22.0734 3408 SystemInfo:
14:34:22.0734 3408
14:34:22.0734 3408 OS Version: 5.1.2600 ServicePack: 3.0
14:34:22.0734 3408 Product type: Workstation
14:34:22.0734 3408 ComputerName: HP-M5D4U9R2UV
14:34:22.0734 3408 UserName: Owner
14:34:22.0734 3408 Windows directory: C:\WINDOWS
14:34:22.0734 3408 System windows directory: C:\WINDOWS
14:34:22.0734 3408 Processor architecture: Intel x86
14:34:22.0734 3408 Number of processors: 1
14:34:22.0734 3408 Page size: 0x1000
14:34:22.0750 3408 Boot type: Normal boot
14:34:22.0750 3408 ============================================================
14:34:31.0875 3408 Drive \Device\Harddisk0\DR0 - Size: 0xE503E6000 (57.25 Gb), SectorSize: 0x200, Cylinders: 0x1F05, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
14:34:32.0171 3408 \Device\Harddisk0\DR0:
14:34:32.0218 3408 MBR used
14:34:32.0218 3408 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x9C3111
14:34:32.0218 3408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C3150, BlocksNum 0x68BAAF0
14:34:32.0328 3408 Initialize success
14:34:32.0328 3408 ============================================================
14:34:37.0218 5972 ============================================================
14:34:37.0218 5972 Scan started
14:34:37.0218 5972 Mode: Manual;
14:34:37.0218 5972 ============================================================
14:34:40.0328 5972 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
14:34:40.0375 5972 !SASCORE - ok
14:34:40.0890 5972 Abiosdsk - ok
14:34:41.0500 5972 abp480n5 - ok
14:34:42.0218 5972 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:34:42.0296 5972 ACPI - ok
14:34:42.0812 5972 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:34:42.0828 5972 ACPIEC - ok
14:34:43.0421 5972 adpu160m - ok
14:34:44.0078 5972 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
14:34:44.0140 5972 aeaudio - ok
14:34:44.0718 5972 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:34:44.0781 5972 aec - ok
14:34:45.0484 5972 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
14:34:45.0500 5972 AegisP - ok
14:34:46.0250 5972 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:34:46.0312 5972 AFD - ok
14:34:46.0875 5972 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
14:34:46.0890 5972 AFS2K - ok
14:34:47.0593 5972 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:34:47.0609 5972 agp440 - ok
14:34:48.0125 5972 Aha154x - ok
14:34:48.0609 5972 aic78u2 - ok
14:34:49.0203 5972 aic78xx - ok
14:34:49.0718 5972 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:34:49.0718 5972 Alerter - ok
14:34:50.0234 5972 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
14:34:50.0265 5972 ALG - ok
14:34:50.0750 5972 AliIde - ok
14:34:51.0343 5972 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
14:34:51.0359 5972 AmdK7 - ok
14:34:51.0859 5972 amsint - ok
14:34:52.0328 5972 AppMgmt - ok
14:34:52.0953 5972 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:34:53.0000 5972 Arp1394 - ok
14:34:53.0750 5972 asc - ok
14:34:54.0296 5972 asc3350p - ok
14:34:54.0812 5972 asc3550 - ok
14:34:55.0359 5972 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:34:55.0390 5972 AsyncMac - ok
14:34:55.0953 5972 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:34:55.0953 5972 atapi - ok
14:34:56.0578 5972 Atdisk - ok
14:34:57.0218 5972 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:34:57.0250 5972 Atmarpc - ok
14:34:57.0828 5972 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:34:57.0875 5972 AudioSrv - ok
14:34:58.0484 5972 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:34:58.0500 5972 audstub - ok
14:34:59.0031 5972 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:34:59.0031 5972 Beep - ok
14:34:59.0718 5972 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:35:00.0015 5972 BITS - ok
14:35:00.0703 5972 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
14:35:00.0765 5972 Bridge - ok
14:35:00.0812 5972 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
14:35:00.0828 5972 BridgeMP - ok
14:35:01.0468 5972 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:35:01.0562 5972 Browser - ok
14:35:01.0765 5972 catchme - ok
14:35:02.0515 5972 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:35:02.0531 5972 cbidf2k - ok
14:35:02.0671 5972 cbVSCService11 - ok
14:35:03.0218 5972 cd20xrnt - ok
14:35:03.0828 5972 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:35:03.0843 5972 Cdaudio - ok
14:35:04.0515 5972 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:35:04.0562 5972 Cdfs - ok
14:35:05.0156 5972 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:35:05.0187 5972 Cdrom - ok
14:35:05.0812 5972 Changer - ok
14:35:06.0406 5972 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
14:35:06.0421 5972 cisvc - ok
14:35:06.0984 5972 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:35:07.0000 5972 ClipSrv - ok
14:35:07.0562 5972 CmdIde - ok
14:35:08.0031 5972 COMSysApp - ok
14:35:08.0750 5972 Cpqarray - ok
14:35:09.0281 5972 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:35:09.0343 5972 CryptSvc - ok
14:35:09.0937 5972 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:35:10.0343 5972 cvhsvc - ok
14:35:10.0859 5972 dac2w2k - ok
14:35:11.0546 5972 dac960nt - ok
14:35:12.0218 5972 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:35:12.0437 5972 DcomLaunch - ok
14:35:13.0093 5972 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:35:13.0328 5972 Dhcp - ok
14:35:13.0937 5972 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:35:13.0953 5972 Disk - ok
14:35:14.0421 5972 dmadmin - ok
14:35:15.0375 5972 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:35:15.0890 5972 dmboot - ok
14:35:16.0656 5972 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:35:16.0734 5972 dmio - ok
14:35:17.0484 5972 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:35:17.0515 5972 dmload - ok
14:35:18.0000 5972 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:35:18.0015 5972 dmserver - ok
14:35:18.0781 5972 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:35:18.0796 5972 DMusic - ok
14:35:19.0406 5972 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
14:35:19.0421 5972 Dnscache - ok
14:35:20.0171 5972 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:35:20.0250 5972 Dot3svc - ok
14:35:20.0921 5972 dpti2o - ok
14:35:21.0515 5972 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:35:21.0531 5972 drmkaud - ok
14:35:22.0140 5972 drvmcdb (7a6e688745eb7e75f735abac30d9c4c6) C:\WINDOWS\system32\drivers\drvmcdb.sys
14:35:22.0218 5972 drvmcdb - ok
14:35:22.0937 5972 drvnddm (ffc29800582d81df841385cd850cb05e) C:\WINDOWS\system32\drivers\drvnddm.sys
14:35:22.0953 5972 drvnddm - ok
14:35:23.0656 5972 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:35:23.0718 5972 E100B - ok
14:35:24.0281 5972 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:35:24.0296 5972 EapHost - ok
14:35:24.0906 5972 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:35:24.0921 5972 ERSvc - ok
14:35:25.0640 5972 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:35:25.0734 5972 Eventlog - ok
14:35:26.0640 5972 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
14:35:26.0734 5972 EventSystem - ok
14:35:27.0406 5972 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:35:27.0593 5972 Fastfat - ok
14:35:28.0234 5972 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:35:28.0375 5972 FastUserSwitchingCompatibility - ok
14:35:29.0156 5972 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
14:35:29.0281 5972 Fax - ok
14:35:30.0000 5972 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:35:30.0015 5972 Fdc - ok
14:35:30.0640 5972 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:35:30.0656 5972 Fips - ok
14:35:31.0296 5972 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:35:31.0312 5972 Flpydisk - ok
14:35:32.0234 5972 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:35:32.0296 5972 FltMgr - ok
14:35:33.0312 5972 Freedom (cbadd59460d45e9144f89fcc37656307) C:\WINDOWS\system32\DRIVERS\FREEDOM.SYS
14:35:33.0328 5972 Freedom - ok
14:35:34.0125 5972 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:35:34.0125 5972 Fs_Rec - ok
14:35:35.0015 5972 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:35:35.0109 5972 Ftdisk - ok
14:35:35.0890 5972 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
14:35:35.0890 5972 gameenum - ok
14:35:36.0609 5972 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:35:36.0718 5972 Gpc - ok
14:35:37.0203 5972 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:35:37.0218 5972 helpsvc - ok
14:35:37.0906 5972 HidServ - ok
14:35:38.0515 5972 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:35:38.0593 5972 hkmsvc - ok
14:35:39.0375 5972 hpn - ok
14:35:39.0890 5972 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
14:35:40.0046 5972 hpqcxs08 - ok
14:35:40.0343 5972 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
14:35:40.0406 5972 hpqddsvc - ok
14:35:41.0078 5972 HPSLPSVC (568e44f6dcfa173f3670172b69379891) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
14:35:41.0375 5972 HPSLPSVC - ok
14:35:42.0046 5972 hpt3xx - ok
14:35:42.0828 5972 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:35:42.0968 5972 HTTP - ok
14:35:43.0515 5972 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:35:43.0640 5972 HTTPFilter - ok
14:35:44.0312 5972 i2omgmt - ok
14:35:45.0046 5972 i2omp - ok
14:35:45.0609 5972 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:35:45.0671 5972 i8042prt - ok
14:35:46.0531 5972 i81x (007dbb8f9c35df8f8a20b8e7c1204b8b) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
14:35:46.0656 5972 i81x - ok
14:35:47.0375 5972 iAimFP0 (19f03895ce0b9e7fb514e67bb17edcb5) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
14:35:47.0453 5972 iAimFP0 - ok
14:35:52.0203 5972 iAimFP1 (479278c265b596c4fc1a2e0f51e70736) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
14:35:52.0203 5972 iAimFP1 - ok
14:35:52.0843 5972 iAimFP2 (66317ecbed58d15541cad4ed60888430) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
14:35:52.0859 5972 iAimFP2 - ok
14:35:53.0453 5972 iAimFP3 (5807920dcd9fe760ffd733a1297d164a) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
14:35:53.0453 5972 iAimFP3 - ok
14:35:54.0109 5972 iAimFP4 (afb6725ddf3f417495ab99198979ffb1) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
14:35:54.0125 5972 iAimFP4 - ok
14:35:55.0000 5972 iAimTV0 (3de116fe9fc7f15b0a5e0e611b344236) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
14:35:55.0015 5972 iAimTV0 - ok
14:35:55.0734 5972 iAimTV1 (275b8ec3a1aa555e3f1586eaf1302ac5) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
14:35:55.0750 5972 iAimTV1 - ok
14:35:56.0421 5972 iAimTV3 (31d5981e35d0f158cd1031e0ee74c6fe) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
14:35:56.0437 5972 iAimTV3 - ok
14:35:57.0093 5972 iAimTV4 (78b4456a11582a927e9b1eca87d1e4f6) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
14:35:57.0156 5972 iAimTV4 - ok
14:35:57.0843 5972 ialm (2401c611c0a4168b08c8b4d05c9a0de6) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:35:57.0937 5972 ialm - ok
14:35:58.0578 5972 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:35:58.0593 5972 Imapi - ok
14:35:59.0421 5972 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:35:59.0484 5972 ImapiService - ok
14:36:00.0187 5972 ini910u - ok
14:36:00.0875 5972 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:36:00.0875 5972 IntelIde - ok
14:36:01.0734 5972 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:36:01.0750 5972 intelppm - ok
14:36:02.0531 5972 ioloSystemService (54424f637b15d749f391e6b6ae4feefa) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
14:36:02.0890 5972 ioloSystemService - ok
14:36:03.0625 5972 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:36:03.0671 5972 ip6fw - ok
14:36:04.0609 5972 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:36:04.0625 5972 IpFilterDriver - ok
14:36:05.0765 5972 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:36:05.0781 5972 IpInIp - ok
14:36:06.0687 5972 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:36:06.0750 5972 IpNat - ok
14:36:07.0593 5972 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:36:07.0656 5972 IPSec - ok
14:36:09.0390 5972 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:36:09.0406 5972 IRENUM - ok
14:36:10.0218 5972 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:36:10.0265 5972 isapnp - ok
14:36:10.0718 5972 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
14:36:10.0828 5972 JavaQuickStarterService - ok
14:36:11.0828 5972 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:36:11.0843 5972 Kbdclass - ok
14:36:12.0718 5972 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:36:12.0812 5972 kmixer - ok
14:36:13.0609 5972 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:36:13.0671 5972 KSecDD - ok
14:36:14.0312 5972 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:36:14.0406 5972 lanmanserver - ok
14:36:15.0109 5972 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:36:15.0468 5972 lanmanworkstation - ok
14:36:16.0093 5972 lbrtfdc - ok
14:36:16.0796 5972 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:36:16.0812 5972 LmHosts - ok
14:36:17.0812 5972 ltmodem5 (3070246fba35aa2e0c2251d55f5848f8) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
14:36:18.0125 5972 ltmodem5 - ok
14:36:20.0609 5972 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
14:36:20.0687 5972 MBAMProtector - ok
14:36:21.0375 5972 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:36:21.0640 5972 MBAMService - ok
14:36:22.0234 5972 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:36:22.0250 5972 Messenger - ok
14:36:22.0968 5972 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:36:22.0968 5972 mnmdd - ok
14:36:23.0593 5972 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
14:36:23.0609 5972 mnmsrvc - ok
14:36:24.0437 5972 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:36:24.0500 5972 Modem - ok
14:36:25.0218 5972 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:36:25.0250 5972 Mouclass - ok
14:36:25.0906 5972 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:36:25.0937 5972 MountMgr - ok
14:36:26.0531 5972 mraid35x - ok
14:36:27.0281 5972 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:36:27.0359 5972 MRxDAV - ok
14:36:28.0500 5972 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:36:28.0859 5972 MRxSmb - ok
14:36:29.0468 5972 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
14:36:29.0484 5972 MSDTC - ok
14:36:30.0062 5972 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:36:30.0078 5972 Msfs - ok
14:36:30.0656 5972 MSIServer - ok
14:36:31.0281 5972 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:36:31.0328 5972 MSKSSRV - ok
14:36:31.0921 5972 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:36:31.0937 5972 MSPCLOCK - ok
14:36:32.0671 5972 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:36:32.0703 5972 MSPQM - ok
14:36:33.0375 5972 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:36:33.0390 5972 mssmbios - ok
14:36:34.0062 5972 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
14:36:34.0093 5972 ms_mpu401 - ok
14:36:34.0750 5972 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:36:34.0828 5972 Mup - ok
14:36:35.0625 5972 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:36:35.0750 5972 napagent - ok
14:36:36.0406 5972 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:36:36.0484 5972 NDIS - ok
14:36:37.0218 5972 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:36:37.0234 5972 NdisTapi - ok
14:36:37.0968 5972 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:36:38.0062 5972 Ndisuio - ok
14:36:38.0718 5972 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:36:38.0781 5972 NdisWan - ok
14:36:39.0500 5972 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:36:39.0625 5972 NDProxy - ok
14:36:40.0359 5972 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
14:36:40.0390 5972 Net Driver HPZ12 - ok
14:36:41.0125 5972 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:36:41.0171 5972 NetBIOS - ok
14:36:42.0171 5972 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:36:42.0265 5972 NetBT - ok
14:36:43.0046 5972 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:36:43.0109 5972 NetDDE - ok
14:36:43.0171 5972 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:36:43.0234 5972 NetDDEdsdm - ok
14:36:43.0781 5972 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:36:43.0796 5972 Netlogon - ok
14:36:44.0468 5972 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:36:44.0546 5972 Netman - ok
14:36:45.0250 5972 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:36:45.0390 5972 NIC1394 - ok
14:36:46.0078 5972 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:36:46.0187 5972 Nla - ok
14:36:47.0000 5972 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:36:47.0015 5972 Npfs - ok
14:36:48.0015 5972 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:36:48.0296 5972 Ntfs - ok
14:36:48.0843 5972 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
14:36:48.0859 5972 NtLmSsp - ok
14:36:49.0531 5972 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:36:49.0921 5972 NtmsSvc - ok
14:36:50.0796 5972 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:36:50.0796 5972 Null - ok
14:36:51.0937 5972 nv (ae292465aa6a7dba375a5afa949da83a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:36:52.0500 5972 nv - ok
14:36:53.0515 5972 nv4 (4d31783965b0b7ced7db3f4ee14cf260) C:\WINDOWS\system32\DRIVERS\nv4.sys
14:36:53.0906 5972 nv4 - ok
14:36:54.0500 5972 NVSvc (2b8fbd3e1e364871e06cd29c1424ddad) C:\WINDOWS\System32\nvsvc32.exe
14:36:54.0546 5972 NVSvc - ok
14:36:55.0265 5972 nv_agp (97e6e7dc388ac4d0052edc375b0e1a0c) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
14:36:55.0281 5972 nv_agp - ok
14:36:56.0015 5972 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:36:56.0062 5972 NwlnkFlt - ok
14:36:56.0781 5972 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:36:56.0875 5972 NwlnkFwd - ok
14:36:57.0468 5972 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:36:57.0718 5972 odserv - ok
14:36:58.0453 5972 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:36:58.0484 5972 ohci1394 - ok
14:36:59.0000 5972 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:36:59.0093 5972 ose - ok
14:37:01.0531 5972 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:37:04.0218 5972 osppsvc - ok
14:37:04.0968 5972 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
14:37:05.0031 5972 P3 - ok
14:37:05.0671 5972 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:37:05.0703 5972 Parport - ok
14:37:06.0437 5972 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:37:06.0453 5972 PartMgr - ok
14:37:07.0093 5972 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:37:07.0109 5972 ParVdm - ok
14:37:08.0046 5972 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:37:08.0140 5972 PCI - ok
14:37:08.0687 5972 PCIDump - ok
14:37:09.0453 5972 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:37:09.0468 5972 PCIIde - ok
14:37:10.0187 5972 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:37:10.0281 5972 Pcmcia - ok
14:37:10.0921 5972 PDCOMP - ok
14:37:11.0484 5972 PDFRAME - ok
14:37:12.0203 5972 PDRELI - ok
14:37:13.0156 5972 PDRFRAME - ok
14:37:13.0734 5972 perc2 - ok
14:37:14.0296 5972 perc2hib - ok
14:37:15.0015 5972 pfc (c4aa89518e8a2934eaf503c9587ff157) C:\WINDOWS\system32\drivers\pfc.sys
14:37:15.0015 5972 pfc - ok
14:37:15.0640 5972 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:37:15.0656 5972 PlugPlay - ok
14:37:16.0421 5972 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
14:37:16.0453 5972 Pml Driver HPZ12 - ok
14:37:17.0218 5972 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:37:17.0218 5972 PolicyAgent - ok
14:37:18.0015 5972 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:37:18.0109 5972 PptpMiniport - ok
14:37:18.0796 5972 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:37:18.0812 5972 Processor - ok
14:37:19.0515 5972 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:37:19.0515 5972 ProtectedStorage - ok
14:37:20.0171 5972 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
14:37:20.0218 5972 Ps2 - ok
14:37:20.0890 5972 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:37:20.0937 5972 PSched - ok
14:37:21.0609 5972 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:37:21.0625 5972 Ptilink - ok
14:37:22.0343 5972 PxHelp20 (79e924e9126bc541d6e1c76e9b077bb7) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
14:37:22.0359 5972 PxHelp20 - ok
14:37:23.0015 5972 ql1080 - ok
14:37:23.0640 5972 Ql10wnt - ok
14:37:24.0218 5972 ql12160 - ok
14:37:24.0984 5972 ql1240 - ok
14:37:25.0593 5972 ql1280 - ok
14:37:26.0281 5972 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:37:26.0296 5972 RasAcd - ok
14:37:26.0921 5972 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:37:26.0984 5972 RasAuto - ok
14:37:27.0718 5972 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:37:27.0750 5972 Rasl2tp - ok
14:37:28.0500 5972 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:37:28.0609 5972 RasMan - ok
14:37:29.0390 5972 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:37:29.0437 5972 RasPppoe - ok
14:37:30.0453 5972 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:37:30.0468 5972 Raspti - ok
14:37:31.0437 5972 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:37:31.0500 5972 Rdbss - ok
14:37:32.0250 5972 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:37:32.0265 5972 RDPCDD - ok
14:37:33.0359 5972 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
14:37:33.0437 5972 RDPWD - ok
14:37:34.0265 5972 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:37:34.0328 5972 RDSessMgr - ok
14:37:35.0078 5972 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:37:35.0109 5972 redbook - ok
14:37:36.0031 5972 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:37:36.0078 5972 RemoteAccess - ok
14:37:37.0281 5972 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
14:37:37.0421 5972 RpcLocator - ok
14:37:38.0937 5972 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
14:37:38.0953 5972 RpcSs - ok
14:37:40.0125 5972 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
14:37:40.0250 5972 RSVP - ok
14:37:42.0625 5972 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
14:37:42.0921 5972 RTL8023xp - ok
14:37:43.0968 5972 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
14:37:44.0062 5972 rtl8139 - ok
14:37:45.0156 5972 RTLWUSB (c3880bf1bad0b8eb69efb07a9c3fa7d9) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
14:37:45.0406 5972 RTLWUSB - ok
14:37:46.0218 5972 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:37:46.0250 5972 SamSs - ok
14:37:46.0609 5972 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:37:46.0765 5972 SASDIFSV - ok
14:37:47.0250 5972 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:37:47.0375 5972 SASKUTIL - ok
14:37:48.0171 5972 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:37:48.0515 5972 SCardSvr - ok
14:37:49.0843 5972 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:37:49.0921 5972 Schedule - ok
14:37:50.0765 5972 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:37:50.0812 5972 Secdrv - ok
14:37:51.0515 5972 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:37:51.0531 5972 seclogon - ok
14:37:52.0140 5972 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:37:52.0156 5972 SENS - ok
14:37:52.0906 5972 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:37:52.0921 5972 Serenum - ok
14:37:53.0781 5972 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:37:53.0906 5972 Serial - ok
14:37:54.0781 5972 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:37:54.0796 5972 Sfloppy - ok
14:37:56.0046 5972 Sftfs (0692e5bf83b1f10102ba9bd240110b4e) C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys
14:37:56.0406 5972 Sftfs - ok
14:37:56.0937 5972 sftlist (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
14:37:57.0234 5972 sftlist - ok
14:37:58.0312 5972 Sftplay (07bec1b450fd93dfce7341d41d422ab1) C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys
14:37:58.0640 5972 Sftplay - ok
14:37:59.0593 5972 Sftredir (3e65185232697f2190bd618ad050034a) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
14:37:59.0703 5972 Sftredir - ok
14:38:00.0921 5972 Sftvol (f372506bc97f14a41fb81bbe3223906b) C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys
14:38:00.0953 5972 Sftvol - ok
14:38:01.0421 5972 sftvsa (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
14:38:01.0531 5972 sftvsa - ok
14:38:02.0281 5972 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:38:02.0671 5972 SharedAccess - ok
14:38:03.0796 5972 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:38:03.0796 5972 ShellHWDetection - ok
14:38:05.0312 5972 Simbad - ok
14:38:08.0406 5972 SiS315 (47f18b4df6097f30c54f51ea075d1017) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
14:38:09.0046 5972 SiS315 - ok
14:38:12.0906 5972 SISAGP (c729eb60dd40948e5eb3fb53dc9cad44) C:\WINDOWS\system32\DRIVERS\SISAGP.sys
14:38:13.0062 5972 SISAGP - ok
14:38:18.0234 5972 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
14:38:26.0125 5972 smwdm - ok
14:38:27.0796 5972 Sparrow - ok
14:38:29.0781 5972 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:38:29.0828 5972 splitter - ok
14:38:30.0843 5972 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:38:30.0906 5972 Spooler - ok
14:38:31.0984 5972 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:38:32.0062 5972 sr - ok
14:38:32.0906 5972 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:38:33.0125 5972 srservice - ok
14:38:34.0437 5972 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:38:35.0000 5972 Srv - ok
14:38:36.0453 5972 sscdbhk5 (4264ebe2edb3cae56d6ea734b0e0ac8e) C:\WINDOWS\system32\drivers\sscdbhk5.sys
14:38:36.0718 5972 sscdbhk5 - ok
14:38:37.0406 5972 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:38:37.0625 5972 SSDPSRV - ok
14:38:40.0453 5972 ssrtln (fdf219e0b6a5cbba34424ac361030aed) C:\WINDOWS\system32\drivers\ssrtln.sys
14:38:40.0546 5972 ssrtln - ok
14:38:42.0031 5972 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
14:38:42.0125 5972 StillCam - ok
14:38:43.0109 5972 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:38:43.0828 5972 stisvc - ok
14:38:44.0531 5972 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:38:44.0609 5972 swenum - ok
14:38:45.0500 5972 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:38:45.0515 5972 swmidi - ok
14:38:46.0109 5972 SwPrv - ok
14:38:46.0890 5972 symc810 - ok
14:38:47.0562 5972 symc8xx - ok
14:38:48.0328 5972 sym_hi - ok
14:38:49.0687 5972 sym_u3 - ok
14:38:50.0421 5972 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:38:50.0453 5972 sysaudio - ok
14:38:51.0156 5972 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:38:51.0218 5972 SysmonLog - ok
14:38:51.0890 5972 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:38:52.0015 5972 TapiSrv - ok
14:38:52.0750 5972 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:38:52.0906 5972 Tcpip - ok
14:38:53.0593 5972 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:38:53.0640 5972 TDPIPE - ok
14:38:54.0312 5972 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:38:54.0328 5972 TDTCP - ok
14:38:54.0890 5972 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:38:54.0906 5972 TermDD - ok
14:38:55.0515 5972 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:38:55.0687 5972 TermService - ok
14:38:56.0296 5972 tfsnboio (7f975769ab303c2432b31ba55e4569c7) C:\WINDOWS\system32\dla\tfsnboio.sys
14:38:56.0296 5972 tfsnboio - ok
14:38:56.0890 5972 tfsncofs (986e35f51ed3a824c69f5bd10a793098) C:\WINDOWS\system32\dla\tfsncofs.sys
14:38:56.0937 5972 tfsncofs - ok
14:38:57.0468 5972 tfsndrct (012c7884b9d06d05a8143241a3d56d06) C:\WINDOWS\system32\dla\tfsndrct.sys
14:38:57.0484 5972 tfsndrct - ok
14:38:58.0015 5972 tfsndres (42ca2c29a2ecd36b406c0e1d4db4ed23) C:\WINDOWS\system32\dla\tfsndres.sys
14:38:58.0015 5972 tfsndres - ok
14:38:58.0546 5972 tfsnifs (4b1267f6aa34ec2fd7a9ae9ecb292494) C:\WINDOWS\system32\dla\tfsnifs.sys
14:38:58.0609 5972 tfsnifs - ok
14:38:59.0125 5972 tfsnopio (90cfd937019cf62c7e9c656c01e0e6ad) C:\WINDOWS\system32\dla\tfsnopio.sys
14:38:59.0125 5972 tfsnopio - ok
14:38:59.0640 5972 tfsnpool (4474cb19867ea64aff26d36bf35c5bc9) C:\WINDOWS\system32\dla\tfsnpool.sys
14:38:59.0656 5972 tfsnpool - ok
14:39:00.0312 5972 tfsnudf (1cb0df2775be778819e8b53cd71250c5) C:\WINDOWS\system32\dla\tfsnudf.sys
14:39:00.0359 5972 tfsnudf - ok
14:39:01.0015 5972 tfsnudfa (e091f8b100e2f2f05d24bd4e1a86996b) C:\WINDOWS\system32\dla\tfsnudfa.sys
14:39:01.0078 5972 tfsnudfa - ok
14:39:01.0703 5972 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:39:01.0703 5972 Themes - ok
14:39:02.0312 5972 TosIde - ok
14:39:02.0906 5972 trid3d (77b27ee02e30b653cafe68bd01e952d1) C:\WINDOWS\system32\DRIVERS\trid3dm.sys
14:39:02.0968 5972 trid3d - ok
14:39:03.0515 5972 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:39:03.0562 5972 TrkWks - ok
14:39:04.0156 5972 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:39:04.0187 5972 Udfs - ok
14:39:04.0671 5972 ultra - ok
14:39:05.0296 5972 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:39:05.0468 5972 Update - ok
14:39:06.0062 5972 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:39:06.0156 5972 upnphost - ok
14:39:06.0656 5972 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:39:06.0671 5972 UPS - ok
14:39:07.0234 5972 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:39:07.0250 5972 usbccgp - ok
14:39:07.0781 5972 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:39:07.0796 5972 usbehci - ok
14:39:08.0359 5972 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:39:08.0390 5972 usbhub - ok
14:39:08.0953 5972 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:39:08.0968 5972 usbohci - ok
14:39:09.0453 5972 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:39:09.0484 5972 usbprint - ok
14:39:10.0000 5972 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:39:10.0015 5972 usbscan - ok
14:39:12.0593 5972 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:39:12.0625 5972 USBSTOR - ok
14:39:13.0171 5972 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:39:13.0187 5972 usbuhci - ok
14:39:13.0734 5972 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:39:13.0734 5972 VgaSave - ok
14:39:14.0296 5972 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:39:14.0328 5972 viaagp - ok
14:39:14.0843 5972 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:39:14.0843 5972 ViaIde - ok
14:39:15.0406 5972 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:39:15.0437 5972 VolSnap - ok
14:39:16.0109 5972 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:39:16.0250 5972 VSS - ok
14:39:16.0828 5972 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:39:16.0906 5972 W32Time - ok
14:39:17.0453 5972 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:39:17.0468 5972 Wanarp - ok
14:39:17.0968 5972 WDICA - ok
14:39:18.0531 5972 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:39:18.0562 5972 wdmaud - ok
14:39:19.0140 5972 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:39:19.0171 5972 WebClient - ok
14:39:19.0765 5972 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:39:19.0828 5972 winmgmt - ok
14:39:20.0375 5972 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
14:39:20.0437 5972 WmdmPmSN - ok
14:39:21.0343 5972 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
14:39:21.0406 5972 WmiApSrv - ok
14:39:21.0906 5972 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:39:22.0328 5972 WMPNetworkSvc - ok
14:39:22.0875 5972 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:39:22.0890 5972 WS2IFSL - ok
14:39:23.0468 5972 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:39:23.0500 5972 wscsvc - ok
14:39:24.0031 5972 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:39:24.0031 5972 wuauserv - ok
14:39:24.0609 5972 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:39:24.0640 5972 WudfPf - ok
14:39:25.0250 5972 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:39:25.0281 5972 WudfRd - ok
14:39:25.0828 5972 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:39:25.0875 5972 WudfSvc - ok
14:39:26.0625 5972 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:39:26.0859 5972 WZCSVC - ok
14:39:27.0406 5972 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:39:27.0468 5972 xmlprov - ok
14:39:28.0000 5972 {6080A529-897E-4629-A488-ABA0C29B635E} (231f08744f697b9732cce7f5020819bb) C:\WINDOWS\system32\drivers\ialmsbw.sys
14:39:28.0046 5972 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
14:39:28.0640 5972 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (54419fc58e342205adab380e3f4975e7) C:\WINDOWS\system32\drivers\ialmkchw.sys
14:39:28.0671 5972 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
14:39:28.0718 5972 MBR (0x1B8) (24bf22b59c30b9b11e1af62cfc3c418e) \Device\Harddisk0\DR0
14:39:29.0359 5972 \Device\Harddisk0\DR0 - ok
14:39:29.0375 5972 Boot (0x1200) (dc621038bdaf2ff31744998cd8f8a808) \Device\Harddisk0\DR0\Partition0
14:39:29.0375 5972 \Device\Harddisk0\DR0\Partition0 - ok
14:39:29.0406 5972 Boot (0x1200) (fd4a08ec59a6c8f8b6c7a5fb7f9a1321) \Device\Harddisk0\DR0\Partition1
14:39:29.0421 5972 \Device\Harddisk0\DR0\Partition1 - ok
14:39:29.0421 5972 ============================================================
14:39:29.0421 5972 Scan finished
14:39:29.0421 5972 ============================================================
14:39:29.0453 5824 Detected object count: 0
14:39:29.0453 5824 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-04 15:29:06
-----------------------------
15:29:06.390 OS Version: Windows 5.1.2600 Service Pack 3
15:29:06.390 Number of processors: 1 586 0x204
15:29:06.390 ComputerName: HP-M5D4U9R2UV UserName: Owner
15:29:13.062 Initialize success
15:30:04.937 AVAST engine defs: 12040400
15:30:54.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:30:54.359 Disk 0 Vendor: Maxtor_4D060H3 DAH017K0 Size: 58627MB BusType: 3
15:30:54.421 Disk 0 MBR read successfully
15:30:54.421 Disk 0 MBR scan
15:30:54.593 Disk 0 unknown MBR code
15:30:54.609 Disk 0 Partition 1 00 0B FAT32 RECOVERY 4998 MB offset 63
15:30:54.640 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53621 MB offset 10236240
15:30:54.656 Disk 0 scanning sectors +120052800
15:30:54.843 Disk 0 scanning C:\WINDOWS\system32\drivers
15:31:34.437 Service scanning
15:33:07.921 Modules scanning
15:33:53.890 Disk 0 trace - called modules:
15:33:53.906 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
15:33:54.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8338bab8]
15:33:54.343 3 CLASSPNP.SYS[f8677fd7] -> nt!IofCallDriver -> \Device\00000066[0x833cff18]
15:33:54.359 5 ACPI.sys[f85ee620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8338e940]
15:33:56.562 AVAST engine scan C:\WINDOWS
15:34:12.015 AVAST engine scan C:\WINDOWS\system32
15:34:12.640 File: C:\WINDOWS\system32\2eQUn6C(3).com **INFECTED** Win32:Crypt-MEQ [Trj]
15:34:12.765 File: C:\WINDOWS\system32\2eQUn6C.com **INFECTED** Win32:Crypt-MEQ [Trj]
15:34:12.890 File: C:\WINDOWS\system32\2eQUn6C.com_ **INFECTED** Win32:Crypt-MEQ [Trj]
15:43:25.343 AVAST engine scan C:\WINDOWS\system32\drivers
15:44:17.390 AVAST engine scan C:\Documents and Settings\Owner
15:50:20.875 AVAST engine scan C:\Documents and Settings\All Users
15:54:11.093 Scan finished successfully
15:56:03.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
15:56:03.484 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:57 PM

Posted 04 April 2012 - 04:14 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
AtJob::
File::
C:\WINDOWS\system32\2eQUn6C(3).com
C:\WINDOWS\system32\2eQUn6C.com
C:\WINDOWS\system32\2eQUn6C.com_

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
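As an added example for this thread (not a BleepingComputer, aswMBR or ComboFix tool), the script below parses aswMBR **INFECTED** lines and the ComboFix "Scheduled Tasks" section, correlates the flagged files with the At*.job tasks that relaunch them, and renders the CFScript directives used in the post above. The sample log lines are constructed from the logs posted in this thread plus one made-up benign task; the "system32 .com" heuristic is this example's own, not something the page states.

```python
"""Correlate aswMBR detections with the At*.job scheduled tasks in a ComboFix
log, then render the CFScript directives the post above uses.  Added example
for this thread, not a BleepingComputer, aswMBR or ComboFix tool; the sample
log lines are constructed from the posted logs plus one made-up benign task."""
import re
from collections import defaultdict

# Constructed sample: aswMBR lines as posted in this thread.
ASWMBR_SAMPLE = r"""
15:34:12.015 AVAST engine scan C:\WINDOWS\system32
15:34:12.640 File: C:\WINDOWS\system32\2eQUn6C(3).com **INFECTED** Win32:Crypt-MEQ [Trj]
15:34:12.765 File: C:\WINDOWS\system32\2eQUn6C.com **INFECTED** Win32:Crypt-MEQ [Trj]
15:34:12.890 File: C:\WINDOWS\system32\2eQUn6C.com_ **INFECTED** Win32:Crypt-MEQ [Trj]
"""

# Constructed sample: two of the posted At*.job entries plus a made-up benign
# task (the 'Example Vendor' path is invented for contrast).
COMBOFIX_TASKS_SAMPLE = r"""
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\At1.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-03 c:\windows\Tasks\At10.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-02 c:\windows\Tasks\Example Vendor Update.job
- c:\program files\Example Vendor\updater.exe [2012-01-10 09:00]
.
"""

INFECTED_RE = re.compile(r"File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(\S+)")
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(.+\.job)\s*$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]\s*$")
# Heuristic layered on the AV verdict (this example's own, not from the page):
# a .com or renamed .com_ file directly in system32, run by a numbered AtN.job.
SYSTEM32_COM_RE = re.compile(r"^c:\\windows\\system32\\[^\\]+\.com_?$")
AT_JOB_RE = re.compile(r"\\at\d+\.job$")


def norm(path):
    """Windows paths are case-insensitive, and aswMBR (C:\\WINDOWS) and
    ComboFix (c:\\windows) print them differently; compare one form."""
    return path.strip().lower()


def parse_infected(aswmbr_log):
    """Return {normalised path: detection name} for every **INFECTED** line."""
    found = {}
    for line in aswmbr_log.splitlines():
        m = INFECTED_RE.search(line)
        if m:
            found[norm(m.group(1))] = m.group(2)
    return found


def parse_scheduled_tasks(combofix_log):
    """Return {job path: target path} from the 'Scheduled Tasks' section,
    where each job line is followed by a '- <target> [date time]' line."""
    tasks, current_job = {}, None
    for line in combofix_log.splitlines():
        m = JOB_RE.match(line)
        if m:
            current_job = norm(m.group(1))
            continue
        m = TARGET_RE.match(line)
        if m and current_job:
            tasks[current_job] = norm(m.group(1))
            current_job = None
    return tasks


def correlate(infected, tasks):
    """Group tasks by target and record why a target is flagged: AV detection,
    the system32 .com heuristic, or both.  Benign targets are left out."""
    by_target = defaultdict(list)
    for job, target in tasks.items():
        by_target[target].append(job)
    report = {}
    for target, jobs in by_target.items():
        reasons = []
        if target in infected:
            reasons.append("detected as " + infected[target])
        if SYSTEM32_COM_RE.match(target) and any(AT_JOB_RE.search(j) for j in jobs):
            reasons.append("AtN.job launching a .com file from system32")
        if reasons:
            report[target] = {"jobs": sorted(jobs), "reasons": reasons}
    return report


def build_cfscript(infected, report):
    """Render the directives used in this thread: KillAll::, AtJob:: (only when
    a flagged target is run by an At*.job) and File:: with every flagged path."""
    lines = ["KillAll::"]
    if any(AT_JOB_RE.search(j) for r in report.values() for j in r["jobs"]):
        lines.append("AtJob::")
    lines.append("File::")
    lines.extend(sorted(set(infected) | set(report)))
    return "\n".join(lines) + "\n"
```

On the constructed samples, `correlate` flags both 2eQUn6C targets (AV hit plus heuristic) and ignores the benign task, and `build_cfscript` reproduces the KillAll::/AtJob::/File:: layout of the script above with all three detected paths.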

#7 edisblest

edisblest
  • Topic Starter

  • Members
  • 20 posts
  • Local time:03:57 PM

Posted 04 April 2012 - 06:28 PM

Gringo,
Here is the Combofix log. No problems with running it. Not sure if I still have any problems yet. Let me know your thoughts.
Thank you,


ComboFix 12-04-04.02 - Owner 04/04/2012 17:25:58.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.141 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\2eQUn6C(3).com"
"c:\windows\system32\2eQUn6C.com"
"c:\windows\system32\2eQUn6C.com_"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\847HcDTH.exe
c:\documents and settings\All Users\Application Data\847HcDTH.exe_
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 16:03 . 2012-03-29 13:06 99328 ----a-w- c:\windows\system32\2eQUn6C.com
2012-04-03 14:25 . 2012-04-03 14:26 -------- d-----w- c:\program files\Cobian Backup 8
2012-04-03 14:19 . 2012-04-03 14:19 -------- d-----w- c:\program files\Cobian Backup 11
2012-04-02 19:54 . 2012-04-02 19:54 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-02 19:53 . 2012-04-02 19:53 -------- d-----w- c:\program files\Trend Micro
2012-04-02 18:40 . 2012-04-02 18:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo
2012-04-01 02:36 . 2012-04-01 02:36 -------- d-----w- c:\program files\CCleaner
2012-04-01 02:31 . 2012-04-01 02:31 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2012-04-01 02:12 . 2012-04-01 02:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-01 02:11 . 2012-04-01 02:11 -------- d-----w- c:\documents and settings\Owner\.frostwire5
2012-04-01 02:09 . 2012-04-01 02:09 -------- d-----w- c:\program files\NETGEAR
2012-03-31 04:01 . 2012-03-31 04:01 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2012-03-31 03:54 . 2012-04-04 13:18 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-03-31 03:54 . 2012-04-02 00:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-31 03:47 . 2012-04-01 02:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-31 03:47 . 2012-03-31 03:47 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-31 03:43 . 2012-04-01 02:10 -------- dcs---w- c:\documents and settings\Administrator
2012-03-30 01:03 . 2012-03-29 13:06 99328 ----a-w- c:\windows\system32\2eQUn6C(3).com
2012-03-29 18:07 . 2012-03-29 18:07 -------- d-----w- c:\documents and settings\Owner\Application Data\TestApp
2012-03-29 14:06 . 2012-03-29 14:06 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-03-29 14:06 . 2012-04-04 21:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData
2012-03-12 16:13 . 2012-03-12 16:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WorldWinner.com
2012-03-09 19:11 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-03-07 21:24 . 2012-04-01 02:10 -------- dc----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications
2012-03-07 17:24 . 2012-03-07 17:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SoftGrid Client
2012-03-07 17:24 . 2012-04-03 17:57 -------- d-----w- c:\documents and settings\Owner\Application Data\SoftGrid Client
2012-03-07 17:23 . 2012-03-07 17:23 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\{90140011-0061-0409-0000-0000000FF1CE}
2012-03-07 17:22 . 2012-04-03 16:08 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
2012-03-07 17:19 . 2012-03-10 09:30 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\SoftGrid Client
2012-03-07 17:18 . 2012-03-09 09:12 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2012-03-07 17:18 . 2012-03-07 17:18 -------- dc----w- c:\documents and settings\All Users\Microsoft
2012-03-07 17:16 . 2012-03-07 17:25 -------- d-----w- c:\documents and settings\Owner\Application Data\TP
2012-03-07 16:49 . 2012-03-07 16:49 -------- d-----w- c:\windows\SHELLNEW
2012-03-07 16:46 . 2012-03-07 16:46 -------- dc----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 05:17 . 2012-01-24 17:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2002-04-30 13:40 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-26 19:24 . 2012-01-26 19:24 74703 ----a-w- c:\windows\system32\mfc45.dll
2012-01-24 17:55 . 2012-01-24 17:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-24 17:55 . 2012-01-24 17:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-23 18:19 . 2012-01-23 18:19 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-01-11 19:06 . 2012-02-23 19:00 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2002-04-30 13:38 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-06 19:46 . 2012-01-26 19:28 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 19:45 . 2012-01-26 19:28 11776 ----a-w- c:\windows\system32\smrgdf.exe
2012-01-06 19:44 . 2012-01-26 19:28 2084488 ----a-w- c:\windows\system32\Incinerator32.dll
2001-08-18 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sha-w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2010-12-20 17:32 551936 --sha-w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-30 204288]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"LTMSG"="LTMSG.exe 7" [X]
"S3apphk"="S3apphk.exe" [2002-03-16 28672]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-12-19 212992]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-13 36864]
"nwiz"="nwiz.exe" [2002-03-09 364544]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-03-12 155648]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-03-12 106496]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-03-14 102455]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2012-2-23 1268192]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoPlay.exe [2001-9-17 36864]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Owner\Application Data\iolo
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [1/4/2012 3:22 PM 822624]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/26/2012 2:28 PM 681656]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/24/2012 12:06 PM 652360]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [10/1/2011 9:30 AM 508776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/24/2012 12:06 PM 20464]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2/23/2012 3:46 PM 272128]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 11:23 PM 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 11:23 PM 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 11:23 PM 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 11:23 PM 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [10/1/2011 9:30 AM 219496]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe --> c:\program files\Cobian Backup 11\cbVSCService11.exe [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [3/21/2002 12:35 AM 144860]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\At1.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-03 c:\windows\Tasks\At10.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At11.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-03 c:\windows\Tasks\At12.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At13.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-03 c:\windows\Tasks\At14.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At15.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-03 c:\windows\Tasks\At16.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-04 c:\windows\Tasks\At17.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-04 c:\windows\Tasks\At18.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At19.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-03 c:\windows\Tasks\At2.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At20.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-04 c:\windows\Tasks\At21.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-04 c:\windows\Tasks\At22.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-04 c:\windows\Tasks\At23.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-04 c:\windows\Tasks\At24.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-04 c:\windows\Tasks\At25.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-04 c:\windows\Tasks\At26.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-04 c:\windows\Tasks\At27.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-04 c:\windows\Tasks\At28.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-04 c:\windows\Tasks\At29.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-03 c:\windows\Tasks\At3.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-04 c:\windows\Tasks\At30.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-04 c:\windows\Tasks\At31.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-04 c:\windows\Tasks\At32.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-04 c:\windows\Tasks\At33.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-04 c:\windows\Tasks\At34.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-04 c:\windows\Tasks\At35.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-04 c:\windows\Tasks\At36.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-02 c:\windows\Tasks\At37.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-02 c:\windows\Tasks\At38.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At39.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-03 c:\windows\Tasks\At4.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At40.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At41.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-03 c:\windows\Tasks\At42.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At43.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-03 c:\windows\Tasks\At44.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At45.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-03 c:\windows\Tasks\At46.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At47.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-03 c:\windows\Tasks\At48.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At5.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-03 c:\windows\Tasks\At6.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At7.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-03 c:\windows\Tasks\At8.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At9.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://srch-us5.hpwis.com/
mSearch Bar = hxxp://srch-us5.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{17A27031-71FC-11d4-815C-005004D0F1FA}
LSP: c:\windows\System32\ZKLSPR.DLL
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-04 18:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,e6,47,d6,24,54,34,47,ac,3c,02,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,e6,47,d6,24,54,34,47,ac,3c,02,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1292)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1348)
c:\windows\System32\ZKLSPR.DLL
c:\windows\system32\sxlrt232.dll
.
- - - - - - - > 'explorer.exe'(3348)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\hp\EXPLOREBAR\HPTOOLKT.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\S3apphk.exe
c:\windows\LTMSG.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-04-04 18:23:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 23:23
ComboFix2.txt 2012-04-04 14:38
.
Pre-Run: 24,562,008,064 bytes free
Post-Run: 24,797,270,016 bytes free
.
- - End Of File - - 59B76132BD52BE11C22BDFB5E563E93D
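
The ComboFix log above is the kind of thing an analyst reads by hand: dozens of At<N>.job scheduled tasks all pointing at one oddly named .com file in system32, an LSP line, and a list of modules inside lsass.exe. The following is an added example, not code from the thread, from ComboFix or from BleepingComputer; it shows one way to pull those two sections out of a ComboFix-format log and list what deserves a second look. The sample log it parses is constructed here to mirror the format of the log above, with a made-up GoogleUpdate task added as a negative case. The heuristics (At*.job names, .com or trailing-underscore executables in system32, anything loaded into lsass.exe or winlogon.exe, cross-referenced with LSP: lines) are this example's own assumptions and produce a review list, not a verdict on any file.

```python
"""Triage helper for a ComboFix-format log (added example, not ComboFix code)."""
import re
from collections import defaultdict

# Constructed sample in the format of the ComboFix log posted above. The
# GoogleUpdate task is made up here to show a task that is NOT flagged.
SAMPLE_LOG = r"""Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\At1.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-03 c:\windows\Tasks\At10.job
- c:\windows\system32\2eQUn6C.com_ [2012-04-02 13:06]
.
2012-04-03 c:\windows\Tasks\At11.job
- c:\windows\system32\2eQUn6C.com [2012-04-04 13:06]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-24 13:46]
.
------- Supplementary Scan -------
LSP: c:\windows\System32\ZKLSPR.DLL
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1348)
c:\windows\System32\ZKLSPR.DLL
c:\windows\system32\sxlrt232.dll
.
------------------------ Other Running Processes ------------------------
"""

JOB_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$", re.I)
TARGET_LINE = re.compile(r"^- (?P<target>.+) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")
PROC_LINE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\(\d+\)$")
AT_JOB = re.compile(r"^at\d+\.job$", re.I)          # the names XP's at.exe gives its jobs
SENSITIVE = {"lsass.exe", "winlogon.exe", "services.exe", "csrss.exe"}  # assumption

def parse_tasks(log):
    """Map each scheduled-task target path (lower-cased) to the job files that run it."""
    targets = defaultdict(list)
    lines = [l.strip() for l in log.splitlines()]
    for i, line in enumerate(lines[:-1]):
        job, target = JOB_LINE.match(line), TARGET_LINE.match(lines[i + 1])
        if job and target:
            targets[target.group("target").lower()].append(job.group("job").rsplit("\\", 1)[-1])
    return dict(targets)

def parse_modules(log):
    """Map each process in the 'DLLs Loaded Under Running Processes' section to its modules."""
    modules, current, inside = {}, None, False
    for line in (l.strip() for l in log.splitlines()):
        if "DLLs Loaded Under Running Processes" in line:
            inside = True
        elif "Other Running Processes" in line:
            break
        elif inside and line not in ("", "."):
            head = PROC_LINE.match(line)
            if head:
                current = head.group("proc").lower()
                modules[current] = []
            elif current:
                modules[current].append(line.lower())
    return modules

def parse_lsps(log):
    """Collect the Winsock LSP DLL paths ComboFix prints on 'LSP:' lines."""
    return {l.split(":", 1)[1].strip().lower()
            for l in log.splitlines() if l.strip().startswith("LSP:")}

def flag_tasks(targets):
    """Flag targets run by at.exe-style jobs or with odd executable names in system32."""
    findings = []
    for target, jobs in sorted(targets.items()):
        reasons = []
        at_jobs = [j for j in jobs if AT_JOB.match(j)]
        if at_jobs:
            reasons.append("%d At*.job task(s), the naming at.exe uses" % len(at_jobs))
        base = target.rsplit("\\", 1)[-1]
        if "\\system32\\" in target and (base.endswith(".com") or base.endswith("_")):
            reasons.append(".com or trailing-underscore executable in system32")
        if reasons:
            findings.append({"target": target, "jobs": sorted(jobs), "reasons": reasons})
    return findings

def flag_modules(modules, lsps):
    """List every module inside a sensitive process, noting registered Winsock LSPs."""
    findings = []
    for proc, mods in modules.items():
        for mod in mods if proc in SENSITIVE else []:
            tags = ["loaded in " + proc] + (["registered Winsock LSP"] if mod in lsps else [])
            findings.append({"module": mod, "tags": tags})
    return findings

def triage(log):
    """Run every check over one log text and return the combined findings."""
    return {"tasks": flag_tasks(parse_tasks(log)),
            "modules": flag_modules(parse_modules(log), parse_lsps(log))}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["tasks"]:
        print("TASK   %s <- %s: %s" % (f["target"], ", ".join(f["jobs"]), "; ".join(f["reasons"])))
    for f in result["modules"]:
        print("MODULE %s (%s)" % (f["module"], ", ".join(f["tags"])))
```

Run it as a script to see the findings for the sample, or call triage() on the text of a real log. Two points the output makes that the raw log does not: At<N>.job files are what the XP at.exe command creates, so a block of them all launching one unsigned .com file in system32 is a persistence pattern to explain before anything is deleted, and a DLL that is both inside lsass.exe and registered as a Winsock LSP has to be removed through the Winsock catalog rather than just deleted, or networking breaks.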

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:57 PM

Posted 04 April 2012 - 08:59 PM

Hello

It did not remove what I wanted it to remove


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 edisblest

edisblest
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:03:57 PM

Posted 04 April 2012 - 11:47 PM

Gringo,
Here is the OTL log.
Thank you,

P.S. No change on the computer symptoms yet.

OTL logfile created on: 4/4/2012 10:46:23 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.52 Mb Total Physical Memory | 134.75 Mb Available Physical Memory | 26.40% Memory free
1.22 Gb Paging File | 0.70 Gb Available in Paging File | 57.52% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.36 Gb Total Space | 23.03 Gb Free Space | 43.97% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.75 Gb Free Space | 15.35% Space Free | Partition Type: FAT32
Drive E: | 288.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HP-M5D4U9R2UV | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\2eQUn6C.com ()
PRC - C:\WINDOWS\system32\2eQUn6C.com_ ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ltmsg.exe (Agere Systems)
PRC - C:\WINDOWS\system32\S3apphk.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\2eQUn6C.com_ ()
MOD - C:\WINDOWS\system32\2eQUn6C.com ()
MOD - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\WINDOWS\system32\S3apphk.exe ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (cbVSCService11) -- C:\Program Files\Cobian Backup 11\cbVSCService11.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Sftvol) -- C:\WINDOWS\system32\drivers\Sftvolxp.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\WINDOWS\system32\drivers\Sftredirxp.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\WINDOWS\system32\drivers\Sftplayxp.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\WINDOWS\system32\drivers\Sftfsxp.sys (Microsoft Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Systems)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (trid3d) -- C:\WINDOWS\system32\drivers\trid3dm.sys (VIA Technologies, Inc.)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (Freedom) -- C:\WINDOWS\system32\drivers\FREEDOM.sys (Zero-Knowledge Systems Inc.)
DRV - (nv_agp) -- C:\WINDOWS\system32\drivers\nv_agp.SYS (NVIDIA Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (nv4) -- C:\WINDOWS\system32\drivers\nv4.sys (NVIDIA Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us5.hpwis.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-customie9-chromesbox-en-us&tb_uuid=20120123183940790&tb_oid=23-01-2012&tb_mrud=23-01-2012


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-56604596-1947078624-558522827-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
IE - HKU\S-1-5-21-56604596-1947078624-558522827-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-56604596-1947078624-558522827-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-56604596-1947078624-558522827-1003\..\SearchScopes,DefaultScope = {B1A15B81-BDB1-4359-9225-D1A44DBB1F57}
IE - HKU\S-1-5-21-56604596-1947078624-558522827-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-56604596-1947078624-558522827-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
IE - HKU\S-1-5-21-56604596-1947078624-558522827-1003\..\SearchScopes\{B1A15B81-BDB1-4359-9225-D1A44DBB1F57}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-56604596-1947078624-558522827-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-56604596-1947078624-558522827-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;localhost


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/24 16:55:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/01/24 16:55:26 | 000,000,000 | ---D | M]

[2012/01/24 13:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2012/01/24 13:46:12 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

O1 HOSTS File: ([2012/04/04 18:06:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-56604596-1947078624-558522827-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-56604596-1947078624-558522827-1003\..\Toolbar\ShellBrowser: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [S3apphk] C:\WINDOWS\System32\S3apphk.exe ()
O4 - HKU\S-1-5-21-56604596-1947078624-558522827-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-56604596-1947078624-558522827-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-56604596-1947078624-558522827-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-56604596-1947078624-558522827-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-56604596-1947078624-558522827-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\ZKLSPR.DLL (Zero-Knowledge Systems Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v54/wwspades/wwspades.cab (WWSpades Control)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games Backgammon)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB2CEECD-E467-4644-B6FD-F820C758B664}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/04/19 23:16:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/10/28 00:25:05 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\Owner\Application Data\iolo)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/04 22:44:03 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/04/04 16:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/04/04 14:32:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/04/04 14:32:03 | 002,072,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/04/04 08:46:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/04 08:42:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/04 08:42:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/04 08:42:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/04 08:42:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/04 08:41:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/04 08:41:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/04 08:30:44 | 004,456,875 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/04/03 10:36:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2012/04/03 10:28:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2012/04/03 10:27:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/04/03 09:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 8
[2012/04/03 09:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2012/04/03 09:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cobian Backup 11
[2012/04/03 09:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 11
[2012/04/02 16:17:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/04/02 14:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2012/04/02 14:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/04/02 13:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2012/03/31 21:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/31 21:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/31 21:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/03/31 21:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2012/03/31 21:11:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.frostwire5
[2012/03/31 21:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WG111v2 Smart Wizard
[2012/03/31 21:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2012/03/31 20:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR(2)
[2012/03/30 23:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2012/03/30 22:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/30 22:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/03/30 22:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/03/30 22:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/03/30 22:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/30 22:22:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/03/29 13:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\malware
[2012/03/29 13:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TestApp
[2012/03/29 09:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/29 09:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/29 09:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\HPAppData
[2012/03/12 11:13:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WorldWinner.com
[2012/03/07 16:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2012/03/07 12:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SoftGrid Client
[2012/03/07 12:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SoftGrid Client
[2012/03/07 12:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Home and Student (English)
[2012/03/07 12:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/03/07 12:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\SoftGrid Client
[2012/03/07 12:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2012/03/07 12:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2012/03/07 12:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TP
[2012/03/07 11:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/03/07 11:49:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/03/07 11:46:54 | 000,000,000 | R--D | C] -- C:\MSOCache
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/04 23:03:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/04/04 23:03:09 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/04/04 22:44:18 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/04/04 22:03:16 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/04/04 22:03:11 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/04/04 21:04:17 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/04/04 21:03:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/04/04 20:07:41 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/04/04 20:03:37 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/04/04 19:05:23 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2012/04/04 19:05:14 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/04/04 19:05:14 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/04/04 19:05:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/04 19:05:07 | 535,392,256 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/04 18:06:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/04 17:03:37 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/04/04 17:03:36 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/04/04 16:13:02 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/04/04 16:13:01 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/04/04 15:57:57 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\spider.sav
[2012/04/04 15:56:03 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/04/04 15:03:17 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/04/04 15:03:15 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/04/04 14:32:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/04/04 14:32:09 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2012/04/04 14:03:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/04/04 14:03:10 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/04/04 13:03:17 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/04/04 13:03:12 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/04/04 12:07:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/04/04 12:07:53 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/04/04 11:19:03 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/04/04 11:03:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/04/04 10:10:49 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/04/04 10:03:37 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/04/04 08:46:33 | 000,000,316 | RHS- | M] () -- C:\BOOT.INI
[2012/04/04 08:30:52 | 004,456,875 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2012/04/04 08:08:17 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/04/04 08:08:13 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/04/03 11:07:41 | 000,000,199 | ---- | M] () -- C:\Boot.bak
[2012/04/03 10:36:05 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2012/04/03 10:27:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/04/03 10:20:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/04/03 10:19:08 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/04/03 09:03:16 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/04/03 09:03:14 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/04/03 07:03:07 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/04/03 07:03:07 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/04/03 06:03:09 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/04/03 06:03:09 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/04/03 05:03:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/04/03 05:03:10 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/04/03 04:03:13 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/04/03 04:03:13 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/04/03 03:03:11 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/04/03 03:03:11 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/04/03 02:03:08 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/04/03 02:03:07 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/04/03 01:03:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/04/03 01:03:12 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/04/03 00:04:27 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/04/03 00:03:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/04/02 18:03:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/04/02 18:03:08 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/04/02 14:54:43 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2012/04/02 09:04:35 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\iExplore.exe
[2012/04/01 19:54:50 | 000,026,444 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20120401_195408.reg
[2012/03/31 21:37:44 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/31 21:37:44 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2012/03/31 21:36:36 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/31 21:32:22 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/31 21:20:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/31 06:03:29 | 000,021,560 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20120331_060309.reg
[2012/03/29 13:11:18 | 000,625,786 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/29 08:26:54 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\3NL188.dat
[2012/03/29 08:06:32 | 000,099,328 | ---- | M] () -- C:\WINDOWS\System32\2eQUn6C.com_
[2012/03/29 08:06:32 | 000,099,328 | ---- | M] () -- C:\WINDOWS\System32\2eQUn6C.com
[2012/03/29 08:06:32 | 000,099,328 | ---- | M] () -- C:\WINDOWS\System32\2eQUn6C(3).com
[2012/03/15 03:28:53 | 000,319,198 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/15 03:28:53 | 000,042,538 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/15 03:24:28 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 15:55:35 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2012/03/14 15:55:06 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2012/03/09 14:22:50 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/04 21:03:02 | 000,099,328 | ---- | C] () -- C:\WINDOWS\System32\2eQUn6C.com
[2012/04/04 15:57:57 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\spider.sav
[2012/04/04 15:56:03 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/04/04 08:46:33 | 000,000,199 | ---- | C] () -- C:\Boot.bak
[2012/04/04 08:46:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/04 08:42:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/04 08:42:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/04 08:42:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/04 08:42:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/04 08:42:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/03 11:07:41 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/04/03 11:07:41 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
[2012/04/03 10:36:05 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2012/04/03 10:20:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/04/03 10:19:07 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/04/02 14:53:56 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2012/04/02 14:39:15 | 535,392,256 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/02 12:03:14 | 000,099,328 | ---- | C] () -- C:\WINDOWS\System32\2eQUn6C.com_
[2012/04/02 09:04:32 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\iExplore.exe
[2012/04/01 19:54:15 | 000,026,444 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20120401_195408.reg
[2012/03/31 21:37:44 | 000,000,962 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/31 21:37:44 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2012/03/31 21:36:35 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/31 21:32:22 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/31 06:03:16 | 000,021,560 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20120331_060309.reg
[2012/03/29 20:03:03 | 000,099,328 | ---- | C] () -- C:\WINDOWS\System32\2eQUn6C(3).com
[2012/03/29 13:10:17 | 000,625,786 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/29 08:04:49 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3NL188.dat
[2012/03/29 08:04:44 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012/03/29 08:04:44 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2012/03/29 08:04:44 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2012/03/29 08:04:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2012/03/29 08:04:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2012/03/29 08:04:44 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/03/06 14:30:02 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Outlook Express.lnk
[2012/02/23 14:00:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/02 14:11:18 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/01/26 14:24:15 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/01/02 11:47:27 | 000,207,555 | ---- | C] () -- C:\WINDOWS\hpwins28.dat
[2012/01/02 11:47:27 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat
[2011/12/16 17:12:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2011/12/16 17:12:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Aud2Full.exe

< End of report >

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 05 April 2012 - 12:24 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    PRC - C:\WINDOWS\system32\2eQUn6C.com ()
    PRC - C:\WINDOWS\system32\2eQUn6C.com_ ()
    MOD - C:\WINDOWS\system32\2eQUn6C.com_ ()
    MOD - C:\WINDOWS\system32\2eQUn6C.com ()
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = <http://srch-us5.hpwis.com/>
    IE - HKU\S-1-5-21-56604596-1947078624-558522827-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = <http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392>
    [2012/03/29 08:06:32 | 000,099,328 | ---- | M] () -- C:\WINDOWS\System32\2eQUn6C.com_
    [2012/03/29 08:06:32 | 000,099,328 | ---- | M] () -- C:\WINDOWS\System32\2eQUn6C.com
    [2012/03/29 08:06:32 | 000,099,328 | ---- | M] () -- C:\WINDOWS\System32\2eQUn6C(3).com
    :Files
    C:\WINDOWS\tasks\At*.job
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
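The fix script above was written by reading the OTL file listing in the previous post: a whole run of At*.job scheduled tasks created in the same second, and one unsigned file present under three names in System32 with identical size and timestamp. As an added example (not part of this thread and not OTL's own code), the Python script below parses OTL's bracketed line format and flags exactly those two patterns; the sample lines are copied from the log above, and the function names and thresholds are this example's own choices.

```python
"""Triage helper for OTL file listings.  Added example: not OTL's own
code and not part of this thread.  Function names and thresholds are
this example's own choices."""
import re
from collections import defaultdict
from datetime import datetime

# One OTL file record looks like this (timestamp | size | attributes | C=created/M=modified):
# [2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Sample lines copied from the OTL log posted above (a few benign
# records are mixed in so the filters have something to ignore).
SAMPLE_LOG = r"""
[2012/04/04 22:44:18 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/03/31 21:20:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/29 08:06:32 | 000,099,328 | ---- | M] () -- C:\WINDOWS\System32\2eQUn6C.com_
[2012/03/29 08:06:32 | 000,099,328 | ---- | M] () -- C:\WINDOWS\System32\2eQUn6C.com
[2012/03/29 08:06:32 | 000,099,328 | ---- | M] () -- C:\WINDOWS\System32\2eQUn6C(3).com
[2012/03/15 03:28:53 | 000,319,198 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/04 15:56:03 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/03/29 08:04:44 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2012/03/29 08:04:43 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2012/03/29 08:04:43 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/02/02 14:11:18 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""


def parse_otl_listing(text):
    """Return one dict per file record; headers, blank lines and the
    '[1 C:\\WINDOWS\\*.tmp files ...]' summary line are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "op": m["op"],            # "C" = created, "M" = modified
            "company": m["company"],  # empty when OTL found no company name
            "path": m["path"],
        })
    return entries


def find_task_bursts(entries, min_count=3):
    """Scheduled-task files created in the same second, keyed by that
    second.  A person makes a task or two by hand; dozens in one second
    is a program doing it."""
    by_second = defaultdict(list)
    for e in entries:
        p = e["path"].lower()
        if e["op"] == "C" and p.startswith("c:\\windows\\tasks\\") and p.endswith(".job"):
            by_second[e["ts"]].append(e["path"])
    return {ts: sorted(paths) for ts, paths in by_second.items()
            if len(paths) >= min_count}


def find_cloned_payloads(entries, min_copies=2):
    """Unsigned System32 files that share an exact size and timestamp
    under different names: one binary dropped several times, here with
    a '(3)' copy marker and a trailing '_' variant."""
    groups = defaultdict(set)
    for e in entries:
        if not e["company"] and "\\windows\\system32\\" in e["path"].lower():
            groups[(e["size"], e["ts"])].add(e["path"])
    return [sorted(paths) for paths in groups.values() if len(paths) >= min_copies]


if __name__ == "__main__":
    entries = parse_otl_listing(SAMPLE_LOG)
    for ts, paths in find_task_bursts(entries).items():
        print(f"{len(paths)} task files created at {ts}: {', '.join(paths)}")
    for paths in find_cloned_payloads(entries):
        print("same unsigned payload under several names:", ", ".join(paths))
```

Run against the full "Files Created - No Company Name" section it reports all 48 At*.job files from 2012/03/29 08:04:43 and 08:04:44 and the three 2eQUn6C files, which is the set the fix script removed.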

#11 edisblest
  • Topic Starter
  • Members
  • 20 posts

Posted 05 April 2012 - 12:47 AM

Here is the OTL Run Fix log:

========== OTL ==========
Process 2eQUn6C.com killed successfully!
No active process named 2eQUn6C.com_ was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-56604596-1947078624-558522827-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
C:\WINDOWS\system32\2eQUn6C.com_ moved successfully.
C:\WINDOWS\system32\2eQUn6C.com moved successfully.
C:\WINDOWS\system32\2eQUn6C(3).com moved successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

User: Owner
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 2843 bytes

User: All Users

User: Default User
->Flash cache emptied: 56475 bytes

User: LocalService
->Flash cache emptied: 321 bytes

User: NetworkService
->Flash cache emptied: 39145 bytes

User: Owner
->Flash cache emptied: 940 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04052012_004215

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 05 April 2012 - 12:57 AM

That looks like it removed it - how are things doing now?

gringo

#13 edisblest
  • Topic Starter
  • Members
  • 20 posts

Posted 05 April 2012 - 01:03 AM

So far so good! I haven't had any random ads pop up. I am hoping that was it!! Thank you for your help!!! Any tips on speeding up my computer based off of the data you have for me?

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 05 April 2012 - 01:10 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 edisblest
  • Topic Starter
  • Members
  • 20 posts

Posted 05 April 2012 - 07:43 AM

Good Morning Gringo,
Computer seems to no longer have the issues! When we are done with this one, I have another computer that seems to be close to "dying". Very slow and unresponsive. I am wondering if it could be due to Malware or Viruses? Would you be able to analyze it for me also? Let me know. Here are the logs you requested:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.05.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: HP-M5D4U9R2UV [administrator]

4/5/2012 1:39:24 AM
mbam-log-2012-04-05 (01-39-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213971
Time elapsed: 36 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:38:39 AM, on 4/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\LTMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v54/wwspades/wwspades.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - Unknown owner - C:\Program Files\Cobian Backup 11\cbVSCService11.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8634 bytes



