Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirected


  • This topic is locked This topic is locked
19 replies to this topic

#1 Mike H.

Mike H.

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 05 April 2012 - 01:13 PM

Google search items being redirected.

I cannot locate the malware.

I have scanned with Malwarebytes, CCleaner, Spybot S&D, AVG2012 and its Rootkit scan, Norton TDSSKiller and Symantes Backdoor.Tidserve.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by HP_Owner at 16:48:11 on 2012-04-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3006.2196 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\VERIZONDM\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
G:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\Cobian.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.excite.com/microsoft/ie40/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = proxy:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
mURLSearchHooks: AOLMAILTBSearch Class: {98572e47-b5fe-43de-9aea-492a1d3064cd} - c:\program files\aol email toolbar\aolmailtb.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {102d7cb0-7e9c-4be6-a367-438d6db0874d} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3BD57223-9F1D-4484-B72F-BC1C5257B541} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {45698B67-1954-4A68-B559-957454464E9F} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - c:\program files\verizontb\auxi\verizonAu.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E607A6D4-FB95-425C-83A8-713DECC6283F} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F0E314DB-EF85-4481-B47D-31D1107BAF29} - No File
BHO: {F1ADBEE0-4716-414B-ACF7-3544FB8E0E34} - No File
BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
BHO: AOL Email Toolbar Loader: {fbea8524-8c72-4208-9d12-7fb73e9926eb} - c:\program files\aol email toolbar\aolmailtb.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - g:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {A057A204-BACC-4D26-BAF1-49F8CCAB3ED4} - No File
TB: AOL Email Toolbar: {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - c:\program files\aol email toolbar\aolmailtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - c:\program files\verizontb\verizonDx.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - g:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [Motive SmartBridge] c:\progra~1\verizon\smartb~1\MotiveSB.exe
mRun: [Microsoft Works Update Detection] "c:\program files\common files\microsoft shared\works shared\WkUFind.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 7.0] "g:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - f:\program files\office10\OSA.EXE
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215347304125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6CE73081-C336-4414-B5F4-6BED2F36569A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B79CD0E0-7DB7-4724-A9D0-ED3179536593} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: mowqpc.dll lawtax.dll ywoser.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 93.113.196.118 www.google.com
Hosts: 93.113.196.119 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\vaeqny4h.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\verizon\vsp\nprpspa.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2012-4-2 67584]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-12-1 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-12-1 185640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-9-27 10664]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-5 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-5 136176]
S4 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2012-1-28 689464]
.
=============== Created Last 30 ================
.
2012-04-02 17:20:32 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\Safe mirror
2012-04-02 17:17:19 -------- d-----w- c:\program files\Cobian Backup 10
.
==================== Find3M ====================
.
2012-02-03 09:22:18 1860096 ------w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2005-12-11 16:50:24 5037072 -c----w- c:\program files\spybotsd14.exe
2005-12-11 16:48:23 2855080 -c----w- c:\program files\aawsepersonal.exe
.
============= FINISH: 16:51:00.79 ===============

Attached Files

  • Attached File  dds.txt   13.87KB   1 downloads
  • Attached File  ark.txt   11.69KB   0 downloads


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:07 PM

Posted 05 April 2012 - 11:48 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:07 PM

Posted 09 April 2012 - 12:00 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Mike H.

Mike H.
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 09 April 2012 - 07:07 AM

Hi Gringo,

I was really tied up over the past weekend.

I have downloaded the fix and am in the process of backing up some data.

I will run the fix and post the log later this morning.

Thanks,

Mike

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:07 PM

Posted 09 April 2012 - 07:43 AM

:thumbup2: I will be around later today


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Mike H.

Mike H.
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 09 April 2012 - 09:47 AM

Hi Gringo,

The ComboFix log report is below.

As you can see it took about 20 min. to run.

I did have to install the recovery console and it only required 1 reboot.

The Google redirection problem appears to have been resolved but I can't see in the log what or where the problem was.

I will wait to hear from you before I do any scans or cleanup on the PC.

Many Thanks for your assistance,

Mike H.




ComboFix 12-04-09.01 - HP_Owner 04/09/2012 10:03:50.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3006.2493 [GMT -4:00]
Running from: f:\my documents\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\WINDOWS
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\HP_Owner\Application Data\completescan
c:\documents and settings\HP_Owner\Application Data\HPSU_48BitScanUpdate.log
c:\documents and settings\HP_Owner\GoToAssistDownloadHelper.exe
c:\documents and settings\HP_Owner\WINDOWS
c:\windows\system32\_004231_.tmp(2)(2).dll
c:\windows\system32\_004274_.tmp(2)(2).dll
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\msnphoto.scr
c:\windows\system32\SET7065.tmp
c:\windows\system32\SET7071.tmp
c:\windows\system32\SET707E.tmp
D:\Autorun.inf
F:\AUTORUN.INF
F:\SETUP.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-02 17:20 . 2012-04-02 17:20 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Safe mirror
2012-04-02 17:17 . 2012-04-02 17:20 -------- d-----w- c:\program files\Cobian Backup 10
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 17:02 . 2012-02-25 17:02 65536 ------r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe
2012-02-25 17:02 . 2012-02-25 17:02 65536 ------r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe
2012-02-25 17:02 . 2012-02-25 17:02 65536 ------r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\ARPPRODUCTICON.exe
2012-02-03 09:22 . 2004-08-04 05:00 1860096 ------w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 05:14 3072 ------w- c:\windows\system32\iacenc.dll
2005-12-11 16:50 . 2005-12-11 16:50 5037072 -c----w- c:\program files\spybotsd14.exe
2005-12-11 16:48 . 2005-12-11 16:48 2855080 -c----w- c:\program files\aawsepersonal.exe
2011-12-21 07:24 . 2012-01-02 17:30 121816 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files\verizontb\verizonDx.dll" [2011-04-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96673559-e653-4cdc-8923-f89347a952c0}]
2011-04-29 19:56 262312 ------w- c:\program files\verizontb\auxi\verizonAu.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811}]
2011-04-29 19:56 86696 ------w- c:\program files\verizontb\verizonDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files\verizontb\verizonDx.dll" [2011-04-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"Motive SmartBridge"="c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Acrobat Assistant 7.0"="g:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - f:\program files\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\37184568931211579468548792512163
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-01 23:35 49152 ------w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-28 00:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-28 00:50 81920 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 22:29 421736 ------w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ------w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-05-08 09:17 81920 -c----w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-25 22:40 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-w- g:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
2011-01-10 16:56 4318520 ------w- c:\program files\Verizon\VSP\VerizonServicepoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"navapsvc"=3 (0x3)
"NPFMntor"=2 (0x2)
"NProtectService"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"MpfService"=2 (0x2)
"McNASvc"=3 (0x3)
"gupdatem"=3 (0x3)
"Themes"=2 (0x2)
"SPTISRV"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"ServicepointService"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=2 (0x2)
"RasAuto"=2 (0x2)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\Verizon\\Verizon Media Manager\\Release\\Verizon Media Manager.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 4:32 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 7:54 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [4/2/2012 1:20 PM 67584]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [12/1/2011 7:11 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [12/1/2011 7:11 AM 185640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3/30/2011 5:17 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 16720]
R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 5:12 PM 10664]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 1:00 AM 14336]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/5/2010 12:51 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/5/2010 12:51 PM 136176]
S4 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [1/28/2012 7:15 PM 689464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-07-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
2012-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0d60a9678e4e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-05 16:51]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\vaeqny4h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{102d7cb0-7e9c-4be6-a367-438d6db0874d} - (no file)
BHO-{3BD57223-9F1D-4484-B72F-BC1C5257B541} - (no file)
BHO-{45698B67-1954-4A68-B559-957454464E9F} - (no file)
BHO-{E607A6D4-FB95-425C-83A8-713DECC6283F} - (no file)
BHO-{F0E314DB-EF85-4481-B47D-31D1107BAF29} - (no file)
BHO-{F1ADBEE0-4716-414B-ACF7-3544FB8E0E34} - (no file)
Toolbar-{A057A204-BACC-4D26-BAF1-49F8CCAB3ED4} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{A057A204-BACC-4D26-BAF1-49F8CCAB3ED4} - (no file)
SafeBoot-MCODS
SafeBoot-svcWRSSSDK
MSConfigStartUp-Advanced Tools Check - f:\system\NORTON~2\AdvTools\ADVCHK.EXE
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-NetDiagDeinstKey - c:\@home\Tools\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-09 10:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1232)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1728)
c:\windows\system32\WININET.dll
c:\progra~1\Verizon\SMARTB~1\SBHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\hp\KBD\KBD.EXE
c:\windows\ALCXMNTR.EXE
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
**************************************************************************
.
Completion time: 2012-04-09 10:20:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 14:20
.
Pre-Run: 1,475,342,336 bytes free
Post-Run: 1,784,176,640 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 082A941638DCF2276B883BFD4632419D

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:07 PM

Posted 09 April 2012 - 01:05 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Mike H.

Mike H.
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 09 April 2012 - 05:36 PM

Hi Gringo,

Stil no redirection problems.

Attached are the logfiles from TDSSKiller and aswMBR.

There were 2 aswMBR files.

Mike H.

TDSSKiler:

18:00:31.0406 0976 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37
18:00:31.0640 0976 ============================================================
18:00:31.0640 0976 Current date / time: 2012/04/09 18:00:31.0640
18:00:31.0640 0976 SystemInfo:
18:00:31.0640 0976
18:00:31.0640 0976 OS Version: 5.1.2600 ServicePack: 3.0
18:00:31.0640 0976 Product type: Workstation
18:00:31.0640 0976 ComputerName: Home
18:00:31.0640 0976 UserName: HP_Owner
18:00:31.0640 0976 Windows directory: C:\WINDOWS
18:00:31.0640 0976 System windows directory: C:\WINDOWS
18:00:31.0640 0976 Processor architecture: Intel x86
18:00:31.0640 0976 Number of processors: 1
18:00:31.0640 0976 Page size: 0x1000
18:00:31.0640 0976 Boot type: Normal boot
18:00:31.0640 0976 ============================================================
18:00:33.0468 0976 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:00:33.0484 0976 Drive \Device\Harddisk1\DR1 - Size: 0x45DECD2000 (279.48 Gb), SectorSize: 0x200, Cylinders: 0x8E83, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:00:33.0562 0976 \Device\Harddisk0\DR0:
18:00:33.0562 0976 MBR used
18:00:33.0562 0976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xF07956
18:00:33.0562 0976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF07995, BlocksNum 0x3B7D96B
18:00:33.0562 0976 \Device\Harddisk1\DR1:
18:00:33.0562 0976 MBR used
18:00:33.0562 0976 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x927F49B
18:00:33.0578 0976 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x92833DA, BlocksNum 0x927F49B
18:00:33.0593 0976 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x125028B4, BlocksNum 0x927F49B
18:00:33.0609 0976 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x1B781D8E, BlocksNum 0x7770D35
18:00:33.0781 0976 Initialize success
18:00:33.0781 0976 ============================================================
18:01:03.0750 0764 ============================================================
18:01:03.0750 0764 Scan started
18:01:03.0750 0764 Mode: Manual;
18:01:03.0750 0764 ============================================================
18:01:04.0406 0764 6to4 (c07d5197410aab28d0d93f943f59656d) C:\WINDOWS\System32\6to4svc.dll
18:01:04.0406 0764 6to4 - ok
18:01:04.0500 0764 Abiosdsk - ok
18:01:04.0593 0764 abp480n5 - ok
18:01:04.0718 0764 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:01:04.0718 0764 ACPI - ok
18:01:04.0828 0764 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:01:04.0828 0764 ACPIEC - ok
18:01:04.0906 0764 Adobe LM Service (6d182c31acf16213407f2768f1107fe3) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:01:04.0906 0764 Adobe LM Service - ok
18:01:05.0000 0764 adpu160m - ok
18:01:05.0062 0764 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:01:05.0062 0764 aec - ok
18:01:05.0218 0764 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:01:05.0218 0764 AFD - ok
18:01:05.0281 0764 AgereModemAudio (6416f9b6b220f0a890525c38235afad7) C:\Program Files\LSI SoftModem\agrsmsvc.exe
18:01:05.0281 0764 AgereModemAudio - ok
18:01:05.0468 0764 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
18:01:05.0562 0764 AgereSoftModem - ok
18:01:05.0687 0764 Aha154x - ok
18:01:05.0734 0764 aic78u2 - ok
18:01:05.0828 0764 aic78xx - ok
18:01:06.0015 0764 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
18:01:06.0078 0764 ALCXWDM - ok
18:01:06.0203 0764 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:01:06.0203 0764 Alerter - ok
18:01:06.0312 0764 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:01:06.0312 0764 ALG - ok
18:01:06.0421 0764 AliIde - ok
18:01:06.0515 0764 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
18:01:06.0515 0764 AmdK8 - ok
18:01:06.0609 0764 amsint - ok
18:01:06.0703 0764 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:01:06.0703 0764 Apple Mobile Device - ok
18:01:06.0781 0764 AppMgmt - ok
18:01:06.0859 0764 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:01:06.0875 0764 Arp1394 - ok
18:01:06.0937 0764 asc - ok
18:01:07.0046 0764 asc3350p - ok
18:01:07.0125 0764 asc3550 - ok
18:01:07.0281 0764 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:01:07.0328 0764 aspnet_state - ok
18:01:07.0468 0764 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:01:07.0468 0764 AsyncMac - ok
18:01:07.0578 0764 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:01:07.0578 0764 atapi - ok
18:01:07.0687 0764 Atdisk - ok
18:01:07.0796 0764 Ati HotKey Poller (d33427f6c2b7814100b5bd315e23c12c) C:\WINDOWS\system32\Ati2evxx.exe
18:01:07.0812 0764 Ati HotKey Poller - ok
18:01:08.0000 0764 ati2mtag (b33a281dcdf455b069816790275050a7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:01:08.0046 0764 ati2mtag - ok
18:01:08.0187 0764 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:01:08.0187 0764 Atmarpc - ok
18:01:08.0296 0764 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:01:08.0296 0764 AudioSrv - ok
18:01:08.0406 0764 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:01:08.0406 0764 audstub - ok
18:01:08.0515 0764 Automatic LiveUpdate Scheduler (7768ce75c5cbf0d8f441ce2bbd806b7f) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
18:01:08.0531 0764 Automatic LiveUpdate Scheduler - ok
18:01:08.0750 0764 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
18:01:08.0890 0764 AVGIDSAgent - ok
18:01:09.0046 0764 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
18:01:09.0046 0764 AVGIDSDriver - ok
18:01:09.0187 0764 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
18:01:09.0187 0764 AVGIDSEH - ok
18:01:09.0281 0764 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
18:01:09.0281 0764 AVGIDSFilter - ok
18:01:09.0421 0764 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
18:01:09.0421 0764 AVGIDSShim - ok
18:01:09.0515 0764 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
18:01:09.0531 0764 Avgldx86 - ok
18:01:09.0671 0764 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
18:01:09.0671 0764 Avgmfx86 - ok
18:01:09.0828 0764 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
18:01:09.0828 0764 Avgrkx86 - ok
18:01:09.0953 0764 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
18:01:09.0953 0764 Avgtdix - ok
18:01:10.0078 0764 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
18:01:10.0078 0764 avgwd - ok
18:01:10.0218 0764 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:01:10.0218 0764 Beep - ok
18:01:10.0296 0764 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:01:10.0343 0764 BITS - ok
18:01:10.0453 0764 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
18:01:10.0468 0764 Bonjour Service - ok
18:01:10.0578 0764 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:01:10.0593 0764 Browser - ok
18:01:10.0609 0764 catchme - ok
18:01:10.0750 0764 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:01:10.0750 0764 cbidf2k - ok
18:01:10.0843 0764 cbVSCService (ed5411a69c5bac78d245c893af64352a) C:\Program Files\Cobian Backup 10\cbVSCService.exe
18:01:10.0843 0764 cbVSCService - ok
18:01:10.0953 0764 cd20xrnt - ok
18:01:11.0078 0764 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:01:11.0078 0764 Cdaudio - ok
18:01:11.0171 0764 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:01:11.0171 0764 Cdfs - ok
18:01:11.0265 0764 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:01:11.0265 0764 Cdrom - ok
18:01:11.0375 0764 Changer - ok
18:01:11.0437 0764 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:01:11.0437 0764 CiSvc - ok
18:01:11.0546 0764 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:01:11.0546 0764 ClipSrv - ok
18:01:11.0671 0764 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:01:11.0734 0764 clr_optimization_v2.0.50727_32 - ok
18:01:11.0843 0764 CmdIde - ok
18:01:11.0875 0764 COMSysApp - ok
18:01:11.0968 0764 Cpqarray - ok
18:01:12.0046 0764 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:01:12.0046 0764 CryptSvc - ok
18:01:12.0156 0764 dac2w2k - ok
18:01:12.0218 0764 dac960nt - ok
18:01:12.0281 0764 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:01:12.0312 0764 DcomLaunch - ok
18:01:12.0421 0764 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:01:12.0421 0764 Dhcp - ok
18:01:12.0562 0764 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:01:12.0562 0764 Disk - ok
18:01:12.0593 0764 dmadmin - ok
18:01:12.0703 0764 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:01:12.0734 0764 dmboot - ok
18:01:12.0859 0764 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:01:12.0859 0764 dmio - ok
18:01:12.0953 0764 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:01:12.0953 0764 dmload - ok
18:01:13.0046 0764 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:01:13.0046 0764 dmserver - ok
18:01:13.0140 0764 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:01:13.0140 0764 DMusic - ok
18:01:13.0265 0764 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:01:13.0265 0764 Dnscache - ok
18:01:13.0375 0764 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:01:13.0375 0764 Dot3svc - ok
18:01:13.0500 0764 dpti2o - ok
18:01:13.0609 0764 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:01:13.0609 0764 drmkaud - ok
18:01:13.0718 0764 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:01:13.0718 0764 EapHost - ok
18:01:13.0812 0764 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:01:13.0812 0764 ERSvc - ok
18:01:13.0906 0764 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:01:13.0906 0764 Eventlog - ok
18:01:14.0046 0764 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:01:14.0062 0764 EventSystem - ok
18:01:14.0203 0764 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:01:14.0203 0764 Fastfat - ok
18:01:14.0296 0764 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:01:14.0296 0764 FastUserSwitchingCompatibility - ok
18:01:14.0406 0764 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
18:01:14.0406 0764 Fax - ok
18:01:14.0546 0764 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:01:14.0546 0764 Fdc - ok
18:01:14.0671 0764 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:01:14.0671 0764 Fips - ok
18:01:14.0765 0764 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:01:14.0765 0764 Flpydisk - ok
18:01:14.0906 0764 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:01:14.0906 0764 FltMgr - ok
18:01:15.0015 0764 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:01:15.0015 0764 FontCache3.0.0.0 - ok
18:01:15.0140 0764 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:01:15.0140 0764 Fs_Rec - ok
18:01:15.0281 0764 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:01:15.0281 0764 Ftdisk - ok
18:01:15.0390 0764 ftsata2 - ok
18:01:15.0468 0764 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:01:15.0484 0764 GEARAspiWDM - ok
18:01:15.0562 0764 getPlusHelper (fd7e9aba274df75e08320420b8e9a1d5) C:\Program Files\NOS\bin\getPlus_Helper.dll
18:01:15.0593 0764 getPlusHelper - ok
18:01:15.0750 0764 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:01:15.0765 0764 Gpc - ok
18:01:15.0859 0764 gupdate - ok
18:01:15.0859 0764 gupdatem - ok
18:01:15.0906 0764 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:01:15.0937 0764 gusvc - ok
18:01:16.0078 0764 hamachi_oem (c25c70fd4d49391091d9eb8c747f19e6) C:\WINDOWS\system32\DRIVERS\gan_adapter.sys
18:01:16.0140 0764 hamachi_oem - ok
18:01:16.0250 0764 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:01:16.0265 0764 helpsvc - ok
18:01:16.0343 0764 HidServ - ok
18:01:16.0453 0764 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:01:16.0453 0764 HidUsb - ok
18:01:16.0546 0764 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:01:16.0546 0764 hkmsvc - ok
18:01:16.0656 0764 hpn - ok
18:01:16.0828 0764 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:01:16.0843 0764 hpqcxs08 - ok
18:01:17.0015 0764 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:01:17.0015 0764 hpqddsvc - ok
18:01:17.0125 0764 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:01:17.0140 0764 HPZid412 - ok
18:01:17.0234 0764 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:01:17.0234 0764 HPZipr12 - ok
18:01:17.0375 0764 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:01:17.0375 0764 HPZius12 - ok
18:01:17.0500 0764 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:01:17.0515 0764 HTTP - ok
18:01:17.0609 0764 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:01:17.0609 0764 HTTPFilter - ok
18:01:17.0718 0764 i2omgmt - ok
18:01:17.0781 0764 i2omp - ok
18:01:17.0890 0764 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:01:17.0906 0764 i8042prt - ok
18:01:18.0046 0764 iaStor (79ae2a97c120f282845d854d0f070ea9) C:\WINDOWS\system32\DRIVERS\iaStor.sys
18:01:18.0078 0764 iaStor - ok
18:01:18.0187 0764 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:01:18.0203 0764 IDriverT - ok
18:01:18.0312 0764 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:01:18.0375 0764 idsvc - ok
18:01:18.0500 0764 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:01:18.0500 0764 Imapi - ok
18:01:18.0593 0764 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:01:18.0593 0764 ImapiService - ok
18:01:18.0734 0764 ini910u - ok
18:01:18.0812 0764 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:01:18.0812 0764 IntelIde - ok
18:01:18.0921 0764 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:01:18.0921 0764 intelppm - ok
18:01:19.0031 0764 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:01:19.0031 0764 Ip6Fw - ok
18:01:19.0156 0764 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:01:19.0156 0764 IpFilterDriver - ok
18:01:19.0218 0764 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:01:19.0218 0764 IpInIp - ok
18:01:19.0343 0764 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:01:19.0359 0764 IpNat - ok
18:01:19.0437 0764 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe
18:01:19.0468 0764 iPod Service - ok
18:01:19.0562 0764 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:01:19.0562 0764 IPSec - ok
18:01:19.0734 0764 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:01:19.0734 0764 IRENUM - ok
18:01:19.0875 0764 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:01:19.0875 0764 isapnp - ok
18:01:20.0015 0764 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
18:01:20.0046 0764 JavaQuickStarterService - ok
18:01:20.0171 0764 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:01:20.0171 0764 Kbdclass - ok
18:01:20.0250 0764 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:01:20.0265 0764 kmixer - ok
18:01:20.0390 0764 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:01:20.0390 0764 KSecDD - ok
18:01:20.0500 0764 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:01:20.0500 0764 lanmanserver - ok
18:01:20.0625 0764 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:01:20.0640 0764 lanmanworkstation - ok
18:01:20.0734 0764 Lbd - ok
18:01:20.0781 0764 lbrtfdc - ok
18:01:20.0968 0764 LiveUpdate (fb466faa799eace5075fc1de269f0066) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
18:01:21.0062 0764 LiveUpdate - ok
18:01:21.0171 0764 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:01:21.0171 0764 LmHosts - ok
18:01:21.0265 0764 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
18:01:21.0265 0764 McciCMService - ok
18:01:21.0312 0764 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:01:21.0328 0764 MDM - ok
18:01:21.0437 0764 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:01:21.0453 0764 Messenger - ok
18:01:21.0562 0764 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:01:21.0562 0764 mnmdd - ok
18:01:21.0625 0764 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:01:21.0640 0764 mnmsrvc - ok
18:01:21.0765 0764 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:01:21.0765 0764 Modem - ok
18:01:21.0875 0764 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:01:21.0875 0764 Mouclass - ok
18:01:21.0984 0764 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:01:21.0984 0764 mouhid - ok
18:01:22.0093 0764 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:01:22.0093 0764 MountMgr - ok
18:01:22.0187 0764 mraid35x - ok
18:01:22.0265 0764 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
18:01:22.0390 0764 MREMP50 - ok
18:01:22.0421 0764 MREMP50a64 - ok
18:01:22.0437 0764 MREMPR5 - ok
18:01:22.0453 0764 MRENDIS5 - ok
18:01:22.0484 0764 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
18:01:22.0578 0764 MRESP50 - ok
18:01:22.0671 0764 MRESP50a64 - ok
18:01:22.0781 0764 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:01:22.0796 0764 MRxDAV - ok
18:01:22.0921 0764 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:01:22.0937 0764 MRxSmb - ok
18:01:23.0046 0764 MSCSPTISRV (f1534aca143ca86cd57672953754fab0) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
18:01:23.0156 0764 MSCSPTISRV - ok
18:01:23.0265 0764 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:01:23.0265 0764 MSDTC - ok
18:01:23.0375 0764 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:01:23.0375 0764 Msfs - ok
18:01:23.0468 0764 MSIServer - ok
18:01:23.0531 0764 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:01:23.0531 0764 MSKSSRV - ok
18:01:23.0640 0764 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:01:23.0640 0764 MSPCLOCK - ok
18:01:23.0750 0764 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:01:23.0750 0764 MSPQM - ok
18:01:23.0812 0764 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:01:23.0812 0764 mssmbios - ok
18:01:23.0937 0764 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:01:23.0937 0764 Mup - ok
18:01:24.0062 0764 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:01:24.0078 0764 napagent - ok
18:01:24.0187 0764 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:01:24.0203 0764 NDIS - ok
18:01:24.0312 0764 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:01:24.0312 0764 NdisTapi - ok
18:01:24.0421 0764 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:01:24.0421 0764 Ndisuio - ok
18:01:24.0562 0764 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:01:24.0562 0764 NdisWan - ok
18:01:24.0703 0764 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:01:24.0718 0764 NDProxy - ok
18:01:24.0843 0764 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
18:01:24.0843 0764 Net Driver HPZ12 - ok
18:01:24.0937 0764 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:01:24.0937 0764 NetBIOS - ok
18:01:25.0000 0764 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:01:25.0000 0764 NetBT - ok
18:01:25.0125 0764 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:01:25.0125 0764 NetDDE - ok
18:01:25.0140 0764 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:01:25.0140 0764 NetDDEdsdm - ok
18:01:25.0203 0764 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:01:25.0203 0764 Netlogon - ok
18:01:25.0328 0764 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:01:25.0328 0764 Netman - ok
18:01:25.0437 0764 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:01:25.0437 0764 NetTcpPortSharing - ok
18:01:25.0515 0764 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:01:25.0515 0764 NIC1394 - ok
18:01:25.0625 0764 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:01:25.0640 0764 Nla - ok
18:01:25.0734 0764 nosGetPlusHelper (eb900c136e660a8deb657be134c3bcd9) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
18:01:25.0781 0764 nosGetPlusHelper - ok
18:01:25.0890 0764 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:01:25.0890 0764 Npfs - ok
18:01:25.0937 0764 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:01:25.0968 0764 Ntfs - ok
18:01:26.0062 0764 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:01:26.0062 0764 NtLmSsp - ok
18:01:26.0203 0764 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:01:26.0218 0764 NtmsSvc - ok
18:01:26.0328 0764 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:01:26.0328 0764 Null - ok
18:01:26.0390 0764 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:01:26.0390 0764 NwlnkFlt - ok
18:01:26.0500 0764 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:01:26.0500 0764 NwlnkFwd - ok
18:01:26.0578 0764 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:01:26.0578 0764 ohci1394 - ok
18:01:26.0703 0764 PACSPTISVR (17bb6b38de8c2bda692ca1db0cea7325) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
18:01:26.0781 0764 PACSPTISVR - ok
18:01:26.0890 0764 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:01:26.0890 0764 Parport - ok
18:01:26.0953 0764 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:01:26.0953 0764 PartMgr - ok
18:01:27.0000 0764 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:01:27.0000 0764 ParVdm - ok
18:01:27.0109 0764 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:01:27.0109 0764 PCI - ok
18:01:27.0140 0764 PCIDump - ok
18:01:27.0265 0764 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:01:27.0265 0764 PCIIde - ok
18:01:27.0375 0764 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:01:27.0390 0764 Pcmcia - ok
18:01:27.0468 0764 PDCOMP - ok
18:01:27.0500 0764 PDFRAME - ok
18:01:27.0546 0764 PDRELI - ok
18:01:27.0578 0764 PDRFRAME - ok
18:01:27.0609 0764 perc2 - ok
18:01:27.0671 0764 perc2hib - ok
18:01:27.0718 0764 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:01:27.0718 0764 PlugPlay - ok
18:01:27.0781 0764 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
18:01:27.0796 0764 Pml Driver HPZ12 - ok
18:01:27.0890 0764 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:01:27.0890 0764 PolicyAgent - ok
18:01:27.0953 0764 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:01:27.0968 0764 PptpMiniport - ok
18:01:28.0062 0764 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:01:28.0062 0764 Processor - ok
18:01:28.0109 0764 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:01:28.0109 0764 ProtectedStorage - ok
18:01:28.0234 0764 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
18:01:28.0328 0764 Ps2 - ok
18:01:28.0437 0764 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:01:28.0437 0764 PSched - ok
18:01:28.0500 0764 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:01:28.0500 0764 Ptilink - ok
18:01:28.0609 0764 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:01:28.0609 0764 PxHelp20 - ok
18:01:28.0718 0764 ql1080 - ok
18:01:28.0781 0764 Ql10wnt - ok
18:01:28.0812 0764 ql12160 - ok
18:01:28.0843 0764 ql1240 - ok
18:01:28.0875 0764 ql1280 - ok
18:01:28.0937 0764 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:01:28.0937 0764 RasAcd - ok
18:01:29.0062 0764 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:01:29.0062 0764 RasAuto - ok
18:01:29.0171 0764 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:01:29.0171 0764 Rasl2tp - ok
18:01:29.0250 0764 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:01:29.0250 0764 RasMan - ok
18:01:29.0375 0764 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:01:29.0375 0764 RasPppoe - ok
18:01:29.0468 0764 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:01:29.0468 0764 Raspti - ok
18:01:29.0578 0764 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:01:29.0593 0764 Rdbss - ok
18:01:29.0703 0764 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:01:29.0703 0764 RDPCDD - ok
18:01:29.0781 0764 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:01:29.0781 0764 RDPWD - ok
18:01:29.0890 0764 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:01:29.0906 0764 RDSessMgr - ok
18:01:30.0000 0764 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:01:30.0000 0764 redbook - ok
18:01:30.0125 0764 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:01:30.0125 0764 RemoteAccess - ok
18:01:30.0250 0764 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:01:30.0250 0764 RpcLocator - ok
18:01:30.0375 0764 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:01:30.0375 0764 RpcSs - ok
18:01:30.0484 0764 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:01:30.0484 0764 RSVP - ok
18:01:30.0562 0764 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
18:01:30.0578 0764 RTL8023xp - ok
18:01:30.0750 0764 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
18:01:30.0750 0764 rtl8139 - ok
18:01:30.0843 0764 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:01:30.0843 0764 SamSs - ok
18:01:30.0953 0764 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:01:30.0968 0764 SCardSvr - ok
18:01:31.0078 0764 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:01:31.0078 0764 Schedule - ok
18:01:31.0187 0764 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:01:31.0218 0764 Secdrv - ok
18:01:31.0328 0764 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:01:31.0343 0764 seclogon - ok
18:01:31.0437 0764 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:01:31.0437 0764 SENS - ok
18:01:31.0562 0764 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:01:31.0562 0764 Serial - ok
18:01:31.0718 0764 ServicepointService (b041aae7a14a0db47583f9c866b8b2ea) C:\Program Files\Verizon\VSP\ServicepointService.exe
18:01:31.0750 0764 ServicepointService - ok
18:01:31.0890 0764 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
18:01:31.0890 0764 Sfloppy - ok
18:01:32.0000 0764 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:01:32.0015 0764 SharedAccess - ok
18:01:32.0140 0764 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:01:32.0140 0764 ShellHWDetection - ok
18:01:32.0250 0764 Simbad - ok
18:01:32.0343 0764 Sparrow - ok
18:01:32.0453 0764 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:01:32.0453 0764 splitter - ok
18:01:32.0531 0764 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:01:32.0531 0764 Spooler - ok
18:01:32.0609 0764 sprtsvc_verizondm - ok
18:01:32.0718 0764 SPTISRV (3980b48dff300a7e4139f5c64da65f5c) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
18:01:32.0828 0764 SPTISRV - ok
18:01:32.0953 0764 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:01:32.0953 0764 sr - ok
18:01:33.0015 0764 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:01:33.0015 0764 srservice - ok
18:01:33.0171 0764 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:01:33.0187 0764 Srv - ok
18:01:33.0281 0764 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:01:33.0281 0764 SSDPSRV - ok
18:01:33.0375 0764 SSScsiSV (3dbade5b4aa47c245a69e99d72b8e73b) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
18:01:33.0390 0764 SSScsiSV - ok
18:01:33.0500 0764 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:01:33.0515 0764 stisvc - ok
18:01:33.0609 0764 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:01:33.0625 0764 swenum - ok
18:01:33.0703 0764 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:01:33.0703 0764 swmidi - ok
18:01:33.0734 0764 SwPrv - ok
18:01:33.0812 0764 symc810 - ok
18:01:33.0843 0764 symc8xx - ok
18:01:33.0937 0764 SYMIDSCO - ok
18:01:34.0046 0764 sym_hi - ok
18:01:34.0125 0764 sym_u3 - ok
18:01:34.0234 0764 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:01:34.0234 0764 sysaudio - ok
18:01:34.0359 0764 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:01:34.0359 0764 SysmonLog - ok
18:01:34.0484 0764 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:01:34.0484 0764 TapiSrv - ok
18:01:34.0687 0764 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:01:34.0718 0764 Tcpip - ok
18:01:34.0859 0764 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
18:01:34.0859 0764 Tcpip6 - ok
18:01:34.0984 0764 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:01:34.0984 0764 TDPIPE - ok
18:01:35.0093 0764 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:01:35.0093 0764 TDTCP - ok
18:01:35.0218 0764 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:01:35.0218 0764 TermDD - ok
18:01:35.0281 0764 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:01:35.0312 0764 TermService - ok
18:01:35.0375 0764 tgsrvc_verizondm - ok
18:01:35.0484 0764 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:01:35.0484 0764 Themes - ok
18:01:35.0609 0764 TosIde - ok
18:01:35.0812 0764 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:01:35.0812 0764 TrkWks - ok
18:01:35.0953 0764 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
18:01:35.0953 0764 tunmp - ok
18:01:36.0062 0764 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:01:36.0062 0764 Udfs - ok
18:01:36.0187 0764 ultra - ok
18:01:36.0296 0764 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:01:36.0312 0764 Update - ok
18:01:36.0421 0764 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:01:36.0437 0764 upnphost - ok
18:01:36.0531 0764 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:01:36.0531 0764 UPS - ok
18:01:36.0656 0764 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:01:36.0671 0764 usbccgp - ok
18:01:36.0750 0764 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:01:36.0750 0764 usbehci - ok
18:01:36.0890 0764 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:01:36.0890 0764 usbhub - ok
18:01:36.0968 0764 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:01:36.0968 0764 usbohci - ok
18:01:37.0109 0764 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:01:37.0109 0764 usbprint - ok
18:01:37.0171 0764 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:01:37.0187 0764 usbscan - ok
18:01:37.0312 0764 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:01:37.0312 0764 usbstor - ok
18:01:37.0390 0764 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:01:37.0390 0764 usbuhci - ok
18:01:37.0453 0764 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:01:37.0453 0764 VgaSave - ok
18:01:37.0578 0764 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:01:37.0578 0764 ViaIde - ok
18:01:37.0671 0764 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:01:37.0671 0764 VolSnap - ok
18:01:37.0781 0764 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:01:37.0796 0764 VSS - ok
18:01:37.0906 0764 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:01:37.0921 0764 W32Time - ok
18:01:38.0046 0764 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:01:38.0062 0764 Wanarp - ok
18:01:38.0140 0764 wanatw - ok
18:01:38.0265 0764 WDICA - ok
18:01:38.0343 0764 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:01:38.0343 0764 wdmaud - ok
18:01:38.0453 0764 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:01:38.0453 0764 WebClient - ok
18:01:38.0593 0764 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:01:38.0593 0764 winmgmt - ok
18:01:38.0703 0764 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
18:01:38.0968 0764 WLSetupSvc - ok
18:01:39.0078 0764 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:01:39.0093 0764 WmdmPmSN - ok
18:01:39.0234 0764 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:01:39.0234 0764 WmiApSrv - ok
18:01:39.0328 0764 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:01:39.0359 0764 WMPNetworkSvc - ok
18:01:39.0515 0764 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:01:39.0625 0764 WpdUsb - ok
18:01:39.0781 0764 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:01:39.0781 0764 WS2IFSL - ok
18:01:39.0843 0764 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:01:39.0843 0764 wscsvc - ok
18:01:39.0953 0764 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:01:39.0953 0764 wuauserv - ok
18:01:40.0109 0764 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:01:40.0109 0764 WudfPf - ok
18:01:40.0187 0764 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:01:40.0296 0764 WudfRd - ok
18:01:40.0421 0764 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:01:40.0421 0764 WudfSvc - ok
18:01:40.0546 0764 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:01:40.0578 0764 WZCSVC - ok
18:01:40.0703 0764 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:01:40.0718 0764 xmlprov - ok
18:01:40.0765 0764 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
18:01:40.0812 0764 \Device\Harddisk0\DR0 - ok
18:01:40.0812 0764 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:01:40.0812 0764 \Device\Harddisk1\DR1 - ok
18:01:40.0828 0764 Boot (0x1200) (58ad9997434e4c800c7219b81545ff82) \Device\Harddisk0\DR0\Partition0
18:01:40.0828 0764 \Device\Harddisk0\DR0\Partition0 - ok
18:01:40.0828 0764 Boot (0x1200) (fa7eae18da492c9a371c1f09a8072997) \Device\Harddisk0\DR0\Partition1
18:01:40.0828 0764 \Device\Harddisk0\DR0\Partition1 - ok
18:01:40.0843 0764 Boot (0x1200) (6c05be80deafa671f08e61062b1c66aa) \Device\Harddisk1\DR1\Partition0
18:01:40.0843 0764 \Device\Harddisk1\DR1\Partition0 - ok
18:01:40.0843 0764 Boot (0x1200) (56ad5a4dec1128d60b11ac19b6a1cd78) \Device\Harddisk1\DR1\Partition1
18:01:40.0843 0764 \Device\Harddisk1\DR1\Partition1 - ok
18:01:40.0875 0764 Boot (0x1200) (6baf4f9e206c4c0d533c7226d5ac139d) \Device\Harddisk1\DR1\Partition2
18:01:40.0875 0764 \Device\Harddisk1\DR1\Partition2 - ok
18:01:40.0875 0764 Boot (0x1200) (cdb9515ee430ab2454ffca33eb441f54) \Device\Harddisk1\DR1\Partition3
18:01:40.0890 0764 \Device\Harddisk1\DR1\Partition3 - ok
18:01:40.0890 0764 ============================================================
18:01:40.0890 0764 Scan finished
18:01:40.0890 0764 ============================================================
18:01:40.0906 2612 Detected object count: 0
18:01:40.0906 2612 Actual detected object count: 0
18:04:58.0687 0696 Deinitialize success

aswMBR 1:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 18:05:15
-----------------------------
18:05:15.937 OS Version: Windows 5.1.2600 Service Pack 3
18:05:15.937 Number of processors: 1 586 0x2F02
18:05:15.937 ComputerName: Home UserName:
18:05:16.750 Initialize success
18:05:58.750 AVAST engine defs: 12040901
18:06:08.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:06:08.500 Disk 0 Vendor: ST340014AS 3.43 Size: 38166MB BusType: 3
18:06:08.500 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-1b
18:06:08.500 Disk 1 Vendor: Maxtor_6L300R0 BAJ41G20 Size: 286188MB BusType: 3
18:06:08.515 Disk 0 MBR read successfully
18:06:08.515 Disk 0 MBR scan
18:06:08.656 Disk 0 unknown MBR code
18:06:08.687 Disk 0 Partition 1 00 0C FAT32 LBA RECOVERY 7695 MB offset 63
18:06:08.703 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 30459 MB offset 15759765
18:06:08.718 Disk 0 scanning sectors +78140160
18:06:08.765 Disk 0 scanning C:\WINDOWS\system32\drivers
18:06:23.187 Service scanning
18:06:56.781 Modules scanning
18:07:12.078 Disk 0 trace - called modules:
18:07:12.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:07:12.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b180ab8]
18:07:12.093 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8b10ef18]
18:07:12.093 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b12c940]
18:07:12.390 AVAST engine scan C:\WINDOWS
18:07:21.328 AVAST engine scan C:\WINDOWS\system32
18:12:11.234 AVAST engine scan C:\WINDOWS\system32\drivers
18:12:27.187 AVAST engine scan C:\Documents and Settings\HP_Owner
18:18:36.906 AVAST engine scan C:\Documents and Settings\All Users
18:22:14.046 Scan finished successfully
18:22:49.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Owner\Desktop\MBR.dat"
18:22:49.296 The log file has been saved successfully to "C:\Documents and Settings\HP_Owner\Desktop\aswMBR_scan.txt"

aswMBR 2:

3 ׼ z Ύێ\   z fUB |2f"   >Uì
t ٿ8mt4uf>RECOuf>VERYuEE<t
< t$<u- t= t9QufQucuLP
tUxQ6lu26:luf3B=tL6TL6VE  <rtDuQtE &Qf3 zC6Ru | QZw
Missing operating system

Master Boot Record Error

Press a key.
P2I  ? Vy y kٷ U





#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:07 PM

Posted 09 April 2012 - 07:10 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Mike H.

Mike H.
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 10 April 2012 - 07:30 AM

Hi Gringo,

I'm having a very difficult time accessing the net using IE, Mozilla or Chrome.

Machine is VERY slow.

I finally got through and found my post and your response but the image will not display.

I'll try the java cache fix and add it to the beginning of the combofix.exe.

Mike

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:07 PM

Posted 10 April 2012 - 07:37 AM

Hello


I want you to reset the DMA you can do this by this script here - Reset DMA

If you have problems when you click on the link try to right click on the link and select "Save Target As" and then save to your desktop.
Once it is on your desktop right click on the file and select "Run"

If you still can't run it then you can go here "Reset DMA" to see what I want to do



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Mike H.

Mike H.
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 10 April 2012 - 08:31 AM

Good(?) Morning Gringo,

I Did Get the combofix to run and the log file follows.

The machine seems fine now and it may have been my ISP, Verizon Fios, that was the connection problem.

I ran their connection restore wizard after combofix and everything including pictures is now appearing.

Do you still want me to run the DMA procedure above?

Mike H.


ComboFix 12-04-09.01 - HP_Owner 04/10/2012 8:43.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3006.2497 [GMT -4:00]
Running from: c:\combofix\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-02 17:20 . 2012-04-02 17:20 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Safe mirror
2012-04-02 17:17 . 2012-04-02 17:20 -------- d-----w- c:\program files\Cobian Backup 10
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 17:02 . 2012-02-25 17:02 65536 ------r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe
2012-02-25 17:02 . 2012-02-25 17:02 65536 ------r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe
2012-02-25 17:02 . 2012-02-25 17:02 65536 ------r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\ARPPRODUCTICON.exe
2012-02-03 09:22 . 2004-08-04 05:00 1860096 ------w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-16 05:14 3072 ------w- c:\windows\system32\iacenc.dll
2005-12-11 16:50 . 2005-12-11 16:50 5037072 -c----w- c:\program files\spybotsd14.exe
2005-12-11 16:48 . 2005-12-11 16:48 2855080 -c----w- c:\program files\aawsepersonal.exe
2011-12-21 07:24 . 2012-01-02 17:30 121816 ------w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files\verizontb\verizonDx.dll" [2011-04-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96673559-e653-4cdc-8923-f89347a952c0}]
2011-04-29 19:56 262312 ------w- c:\program files\verizontb\auxi\verizonAu.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f8d96645-337c-419b-8792-b6c126145811}]
2011-04-29 19:56 86696 ------w- c:\program files\verizontb\verizonDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f8d96645-337c-419b-8792-b6c126145811}"= "c:\program files\verizontb\verizonDx.dll" [2011-04-29 86696]
.
[HKEY_CLASSES_ROOT\clsid\{f8d96645-337c-419b-8792-b6c126145811}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"Motive SmartBridge"="c:\progra~1\Verizon\SMARTB~1\MotiveSB.exe" [2006-06-23 438359]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Acrobat Assistant 7.0"="g:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - f:\program files\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-01 23:35 49152 ------w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-28 00:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-28 00:50 81920 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 22:29 421736 ------w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ------w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-05-08 09:17 81920 -c----w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-25 22:40 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-w- g:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
2011-01-10 16:56 4318520 ------w- c:\program files\Verizon\VSP\VerizonServicepoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"navapsvc"=3 (0x3)
"NPFMntor"=2 (0x2)
"NProtectService"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"MpfService"=2 (0x2)
"McNASvc"=3 (0x3)
"gupdatem"=3 (0x3)
"Themes"=2 (0x2)
"SPTISRV"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"ServicepointService"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasMan"=2 (0x2)
"RasAuto"=2 (0x2)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Verizon\\VSP\\ServicepointService.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\Verizon\\Verizon Media Manager\\Release\\Verizon Media Manager.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 8:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 4:32 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 6:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 7:54 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [12/1/2011 7:11 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [12/1/2011 7:11 AM 185640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3/30/2011 5:17 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 7:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 7:53 AM 16720]
R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 5:12 PM 10664]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [4/2/2012 1:20 PM 67584]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 1:00 AM 14336]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/5/2010 12:51 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/5/2010 12:51 PM 136176]
S4 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [1/28/2012 7:15 PM 689464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-07-28 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0d60a9678e4e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-05 16:51]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\vaeqny4h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{102d7cb0-7e9c-4be6-a367-438d6db0874d} - (no file)
BHO-{3BD57223-9F1D-4484-B72F-BC1C5257B541} - (no file)
BHO-{45698B67-1954-4A68-B559-957454464E9F} - (no file)
BHO-{E607A6D4-FB95-425C-83A8-713DECC6283F} - (no file)
BHO-{F0E314DB-EF85-4481-B47D-31D1107BAF29} - (no file)
BHO-{F1ADBEE0-4716-414B-ACF7-3544FB8E0E34} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-10 08:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3072)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-10 08:53:12
ComboFix-quarantined-files.txt 2012-04-10 12:53
.
Pre-Run: 2,579,296,256 bytes free
Post-Run: 2,664,443,904 bytes free
.
- - End Of File - - DED23F7299E55BE7BD24E5790DA3BCC9

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:07 PM

Posted 10 April 2012 - 05:32 PM

Hello

Do you still want me to run the DMA procedure above


"Machine is VERY slow." <-- is this still true?

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Mike H.

Mike H.
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:07 PM

Posted 11 April 2012 - 12:59 PM

Hi Gringo,

No, the machines speed is back to normal but there have been quite a few Verizon trucks in the area so it might be my ISP's problem.

Every thing has been smooth since the 2nd run of combofix.

Here is the file that you requested.



1600
1600_Help
1600Trb
32 Bit HP CIO Components Installer
4660_4680_Help
Abacast Client
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.0 Professional
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11
Adobe SVG Viewer 3.0
Agere Systems PCI Soft Modem
AiO_Scan
AiOSoftware
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Email Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AVG 2012
Bonjour
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CameraDrivers
CCleaner
CCScore
Cobian Backup 10
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
CueTour
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DIGOpt
DIGReqEx
DocMgr
DocProc
DocProcQFolder
Download Updater (AOL LLC)
Enhanced Multimedia Keyboard Solution
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
eSupportQFolder
Fax
Form Fill (Windows Live Toolbar)
GdiplusUpgrade
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
GPBaseService2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP Boot Optimizer
HP Customer Participation Program 10.0
HP Document Manager 1.0
HP Image Zone 5.3
HP Imaging Device Functions 10.0
HP Officejet All-In-One Series
HP Organize
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Essential 2.5
HP PSC & OfficeJet 5.3.B
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
HpSdpAppCoreApp
HPSSupply
InstantShareAlert
InstantShareDevices
InterVideo WinDVD Player
iTunes
J4680
Java Auto Updater
Java™ 6 Update 30
kgcbase
KODAK EASYSHARE Gallery Upload ActiveX Control
Kodak EasyShare software
LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
Map Button (Windows Live Toolbar)
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office XP Professional with FrontPage
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Move Networks Media Player for Internet Explorer
Mozilla Firefox 9.0.1 (x86 en-US)
MSN
MSN Encarta Plus Support Files
MSVCSetup
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
muvee autoProducer 4.0
NAVIGON Fresh 1.4.9
netbrdg
NewCopy
OCR Software by I.R.I.S. 10.0
Office 2003 Tour
OfotoXMI
OneCare Advisor (Windows Live Toolbar)
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
PanoStandAlone
PC-Doctor 5 for Windows
PDF Manual NW-E000 Series
PhotoGallery
PlayLinc
Popup Blocker (Windows Live Toolbar)
ProductContext
PSSWCORE
PSTAPlugin
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
Quicken 2005
QuickTime
RandMap
Readme
Redist
Saints Toolbar
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
SFR
SHASTA
Shockwave
Shop for HP Supplies
skin0001
SkinsHP1
SKINXSDK
Smart Menus (Windows Live Toolbar)
SmartWebPrinting
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SonicStage 4.0
Spybot - Search & Destroy
staticcr
Status
Toolbox
tooltips
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Updates from HP (remove only)
VC 9.0 Runtime
Verizon Download Manager
Verizon FiOS Activation
Verizon Help and Support Tool
Verizon Media Manager
Verizon Servicepoint 3.7.44
Verizon Toolbar
VideoToolkit01
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
Vz In Home Agent
WebFldrs XP
WebReg
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WIRELESS
Yahoo! Detect

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:07 PM

Posted 11 April 2012 - 01:01 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java 6 Update 30 [/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users