Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Happili redirect


  • This topic is locked This topic is locked
16 replies to this topic

#1 XXera

XXera

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:48 PM

Posted 14 April 2012 - 11:36 PM

Hello, and thank you for your help.

Last week I realized I was getting some unwanted pop ups telling me I had won something then if I tried to use google, I would get redirected to the Happili page. I downloaded Microsoft Security Essentials (MSE)and ran a full computer scan. It found a couple of trojans, but I was still getting redirected. I uninstalled MSE and downloaded AVG Free edition and ran a full scan. It found 7 serious threats, but declared my computer clean after 3 complete scans, although it did not delete all of the threats. I then disabeled AVG, and downloaded SkyHunter, which did not find anything so I uninstalled it. I am still getting redirected when I try to use google.

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:48 PM

Posted 15 April 2012 - 12:17 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 XXera

XXera
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:48 PM

Posted 15 April 2012 - 10:49 AM

Thank you for your quick reply.

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 22
Java™ 6 Update 29
Java™ 6 Update 2
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Ronald Keranen at 10:39:21 on 2012-04-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1579 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/webhp?complete=0&hl=en
mStart Page = about:blank
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = localhost;<local>
uInternet Settings,ProxyServer = 192.168.1.1:1080
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: MoneySide: {9404901d-06da-4b23-a0ee-3ea4f64ec9b3} - c:\program files\microsoft money\system\mnyviewer.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
uRun: [Local AppWizard-Generated Applications] RUNDLL32.EXE "c:\documents and settings\ronald keranen\local settings\application data\local appwizard-generated applications\rvjgactn.dll",DoTestSetup
mRun: [PhoneTray] c:\program files\traysoft\phonetray\PhoneTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\ronald~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\ronald~1\startm~1\programs\startup\autoru~1\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\ronald~1\startm~1\programs\startup\autoru~1\outlook.lnk - c:\program files\outlook express\msimn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\micros~2.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
mPolicies-explorer: <NO NAME> =
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{C9BD41D8-5501-44EA-88F3-2B01790045AB} : DhcpNameServer = 24.116.2.50 24.116.2.34
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-17 133104]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [?]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-17 133104]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-6-25 14336]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2006-9-10 15576]
.
=============== Created Last 30 ================
.
2012-04-14 22:31:26 -------- dc----w- C:\sh4ldr
2012-04-14 22:31:26 -------- dc----w- c:\program files\Enigma Software Group
2012-04-14 22:26:38 -------- dc----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-14 15:29:59 -------- dc----w- c:\documents and settings\ronald keranen\application data\AVG2012
2012-04-14 15:28:03 -------- dc-h--w- C:\$AVG
2012-04-13 20:06:32 -------- dc----w- c:\documents and settings\ronald keranen\application data\AVG Secure Search
2012-04-13 20:06:25 -------- dc----w- c:\program files\common files\AVG Secure Search
2012-04-13 20:05:11 -------- dc-h--w- c:\documents and settings\all users\application data\Common Files
2012-04-13 20:04:01 -------- dc----w- c:\documents and settings\all users\application data\AVG2012
2012-04-13 20:02:50 -------- dc----w- c:\program files\AVG
2012-04-13 19:59:53 -------- dc----w- c:\documents and settings\all users\application data\MFAData
2012-04-11 22:22:52 -------- dc----w- c:\documents and settings\ronald keranen\application data\ElevatedDiagnostics
2012-04-11 22:22:21 -------- dc----w- c:\program files\Microsoft ATS
2012-04-11 17:09:31 -------- dc----w- c:\documents and settings\ronald keranen\local settings\application data\Local AppWizard-Generated Applications
2012-04-04 05:53:56 182160 -c--a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-03-31 16:14:07 -------- dc----w- c:\documents and settings\ronald keranen\application data\OpenOffice.org
2012-03-31 16:11:09 -------- dc----w- c:\program files\OpenOffice.org 3
.
==================== Find3M ====================
.
2012-03-01 11:01:32 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 -c--a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 -c----w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 -c----w- c:\windows\system32\html.iec
2012-02-16 03:03:34 65304 -c--a-w- c:\windows\apppatch\MATSShim.DLL
2012-02-03 09:22:18 1860096 -c--a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 -c----w- c:\windows\system32\MpSigStub.exe
2002-12-16 04:53:18 22528 -c----w- c:\program files\unpnp.exe
2002-12-16 04:48:31 16384 -c----w- c:\program files\IP_Agent.exe
2002-12-13 20:21:49 8839120 -c----w- c:\program files\AcroReader51_ENU.exe
.
============= FINISH: 10:40:40.78 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/30/2002 5:50:42 PM
System Uptime: 4/15/2012 10:22:28 AM (0 hours ago)
.
Motherboard: Dell Computer Corp. | |
Processor: Intel® Pentium® 4 CPU 2.40GHz | Microprocessor | 2392/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 28.681 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (IPX)
Device ID: ROOT\MS_NDISWANIPX\0001
Manufacturer: Microsoft
Name: WAN Miniport (IPX) #2
PNP Device ID: ROOT\MS_NDISWANIPX\0001
Service: NdisWan
.
==== System Restore Points ===================
.
RP45: 4/13/2012 2:07:56 PM - Software Distribution Service 3.0
RP46: 4/13/2012 3:02:48 PM - Installed AVG 2012
RP47: 4/13/2012 3:11:18 PM - Installed AVG 2012
RP48: 4/14/2012 10:26:44 AM - Installed AVG 2012
RP49: 4/14/2012 10:27:38 AM - Installed AVG 2012
RP50: 4/14/2012 5:31:24 PM - Installed SpyHunter
RP51: 4/14/2012 6:17:45 PM - Removed SpyHunter
RP52: 4/15/2012 10:19:45 AM - Removed AVG 2012
RP53: 4/15/2012 10:21:32 AM - Removed AVG 2012
.
==== Installed Programs ======================
.
5600
5600_Help
5600Trb
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Reader X (10.1.3)
AiO_Scan
AiOSoftware
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AXIS Media Control
BCM V.92 56K Modem
BufferChm
CardRd81
CCHelp
CCScore
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
CR2
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
Dell Driver Download Manager
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Descent 3
Destinations
Detto IntelliMover
DeviceFunctionQFolder
DeviceManagementQFolder
DING!
DivX
DivX Player
DocProc
DocumentViewer
DocumentViewerQFolder
Easy CD Creator 5 Basic
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
eSupportQFolder
Fax
FinePixViewer Ver.4.0
FTDI USB Serial Converter Drivers
FullDPAppQFolder
getPlus® for Adobe
Google Earth
Google Update Helper
Harley-Davidson® - Race Across America
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HLPCCTR
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
InstantShareAlert
InstantShareDevices
Intel® PRO Ethernet Adapter and Software
Intel® PROSet II
iPod for Windows 2005-03-23
iPod for Windows 2006-03-23
iPod for Windows 2006-06-28
iTunes
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 22
Java™ 6 Update 29
Kodak EasyShare software
KSU
LightScribe 1.4.84.1
MarketResearch
MGI VideoWave 4
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Picture It! Express 2001
Microsoft Picture It! Photo 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Modem User Guide
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need For Speed Hot Pursuit 2
Nero Suite
NewCopy
Notifier
NVIDIA Display Driver
OpenOffice.org 3.3
OTtBP
OTtBPSDK
PanoStandAlone
PC Pitstop Optimize 1.0t
PCDLNCH
PhoneTray Free
PhoneTray Voices
PhotoGallery
PowerDVD
ProductContext
QuickTime
RandMap
Readme
RealPlayer
Runviewer
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SFR2
SkinsHP1
SolutionCenter
Sonic_PrimoSDK
Sound Blaster Live!
Spelling Dictionaries Support For Adobe Reader 9
Sports Car GT
Status
System Requirements Lab
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Card Reader
VCAMCEN
VPRINTOL
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Messenger 5.0
Windows XP Service Pack 3
WingMan Software
Works Suite OS Pack
Works Synchronization
.
==== Event Viewer Messages From Past Week ========
.
4/14/2012 6:18:16 PM, error: DCOM [10000] - Unable to start a DCOM Server: {32F815DA-4361-41C1-AB8F-451EC3252BBE}. The error: "%193" Happened while starting this command: "C:\Program Files\Microsoft Money\System\urlmap.exe" -Embedding
4/14/2012 2:48:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/14/2012 2:48:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix cdudf_xp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
4/14/2012 2:48:43 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
4/14/2012 2:48:43 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/14/2012 2:48:43 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/14/2012 2:48:43 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/14/2012 2:48:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/13/2012 9:52:18 AM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
4/13/2012 3:26:35 PM, error: Service Control Manager [7000] - The vToolbarUpdater10.2.0 service failed to start due to the following error: The system cannot find the file specified.
4/13/2012 2:08:40 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
4/12/2012 6:25:04 PM, error: Service Control Manager [7034] - The WMDM PMSP Service service terminated unexpectedly. It has done this 1 time(s).
4/12/2012 6:25:04 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
4/12/2012 6:25:04 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/12/2012 12:55:56 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================


I didn't experience any problems gathering the information you requested.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:48 PM

Posted 15 April 2012 - 12:12 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 XXera

XXera
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:48 PM

Posted 15 April 2012 - 02:35 PM

Here is the ComboFix log:

ComboFix 12-04-15.02 - Ronald Keranen 04/15/2012 13:18:16.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1571 [GMT -5:00]
Running from: c:\documents and settings\Ronald Keranen\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DirectCDUserNameE.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Ronald Keranen\GoToAssistDownloadHelper.exe
c:\documents and settings\Ronald Keranen\Local Settings\Application Data\Local AppWizard-Generated Applications\rvjgactn.dll
c:\documents and settings\Ronald Keranen\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-14 22:31 . 2012-04-14 23:17 -------- dc----w- C:\sh4ldr
2012-04-14 22:31 . 2012-04-14 22:31 -------- dc----w- c:\program files\Enigma Software Group
2012-04-14 22:26 . 2012-04-14 23:17 -------- dc----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-14 22:24 . 2012-04-14 22:24 -------- dc----w- c:\documents and settings\dell_administrator\Local Settings\Application Data\Temp
2012-04-14 20:25 . 2012-04-14 20:25 -------- dc----w- c:\documents and settings\dell_administrator\Application Data\AVG2012
2012-04-14 15:29 . 2012-04-14 15:29 -------- dc----w- c:\documents and settings\Ronald Keranen\Application Data\AVG2012
2012-04-14 15:28 . 2012-04-15 15:20 -------- dc----w- C:\$AVG
2012-04-13 20:06 . 2012-04-13 20:06 -------- dc----w- c:\documents and settings\Ronald Keranen\Application Data\AVG Secure Search
2012-04-13 20:06 . 2012-04-13 20:06 -------- dc----w- c:\program files\Common Files\AVG Secure Search
2012-04-13 20:05 . 2012-04-13 20:05 -------- dc-h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-04-13 20:04 . 2012-04-15 15:22 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-04-13 20:02 . 2012-04-13 20:02 -------- dc----w- c:\program files\AVG
2012-04-13 19:59 . 2012-04-15 15:21 -------- dc----w- c:\documents and settings\All Users\Application Data\MFAData
2012-04-12 18:23 . 2012-04-12 18:23 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2012-04-11 22:22 . 2012-04-11 22:22 -------- dc----w- c:\documents and settings\Ronald Keranen\Application Data\ElevatedDiagnostics
2012-04-11 22:22 . 2012-04-11 22:22 -------- dc----w- c:\program files\Microsoft ATS
2012-04-11 17:09 . 2012-04-15 18:24 -------- dc----w- c:\documents and settings\Ronald Keranen\Local Settings\Application Data\Local AppWizard-Generated Applications
2012-04-04 05:53 . 2012-04-04 05:53 182160 -c--a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-03-31 16:14 . 2012-03-31 16:14 -------- dc----w- c:\documents and settings\Ronald Keranen\Application Data\OpenOffice.org
2012-03-31 16:11 . 2012-03-31 16:11 -------- dc----w- c:\program files\OpenOffice.org 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:01 . 2004-02-06 23:05 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2002-12-16 05:54 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2002-12-16 05:49 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-06-25 21:50 177664 -c--a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-06-25 21:38 148480 -c----w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 -c----w- c:\windows\system32\html.iec
2012-02-16 03:03 . 2012-04-11 22:22 65304 -c--a-w- c:\windows\apppatch\MATSShim.DLL
2012-02-03 09:22 . 2002-06-25 21:50 1860096 -c--a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2012-02-16 03:01 237072 -c----w- c:\windows\system32\MpSigStub.exe
2002-12-16 04:53 . 2002-12-16 04:53 22528 -c----w- c:\program files\unpnp.exe
2002-12-16 04:48 . 2002-12-16 04:48 16384 -c----w- c:\program files\IP_Agent.exe
2002-12-13 20:21 . 2002-12-13 20:18 8839120 -c----w- c:\program files\AcroReader51_ENU.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-15 1961984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhoneTray"="c:\program files\Traysoft\PhoneTray\PhoneTray.exe" [2009-12-20 445680]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Ronald Keranen\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\Ronald Keranen\Start Menu\Programs\Startup\AutorunsDisabled
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Outlook.lnk - c:\program files\Outlook Express\msimn.exe [2003-3-3 60416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-24 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [N/A]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2003-12-11 200704]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-8-11 757760]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\EA Games\\Need For Speed Hot Pursuit 2\\NFSHP2.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 133104]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 133104]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys [2001-11-09 15576]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2008-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 23:13]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6fab7dcbaa42.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 22:07]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd06ad14e1dbec.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 22:07]
.
2012-04-11 c:\windows\Tasks\User_Feed_Synchronization-{61892116-2167-484C-B2C8-586DAACE0C55}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?complete=0&hl=en
mStart Page = about:blank
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = localhost;<local>
uInternet Settings,ProxyServer = 192.168.1.1:1080
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
HKCU-Run-Local AppWizard-Generated Applications - c:\documents and settings\Ronald Keranen\Local Settings\Application Data\Local AppWizard-Generated Applications\rvjgactn.dll
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-15 13:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Local AppWizard-Generated Applications = RUNDLL32.EXE "c:\documents and settings\Ronald Keranen\Local Settings\Application Data\Local AppWizard-Generated Applications\rvjgactn.dll",DoTestSetup?5678*??>T?? ???
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1644491937-1547161642-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(892)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2012-04-15 13:39:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-15 18:39
.
Pre-Run: 30,707,908,608 bytes free
Post-Run: 30,982,512,640 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 52AF6DDC94B316222C3D911B8B18F9B5


Even though I had previously uninstalled AVG, ComboFix indicated AVG's scanner was still active with a pop up window. After clicking OK, ComboFix continued to run its scan and produce the log.

My computer is running "AWESOME, DUDE! You're the man." I have not seen any further sign of happili at this point, even after a reboot.
Thanks so much for your help. Is there anything else I need to do?

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:48 PM

Posted 15 April 2012 - 02:37 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 XXera

XXera
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:48 PM

Posted 15 April 2012 - 03:36 PM

I had to use the keyboard shortcut to copy the log because there was no mouse right button menu.

TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
14:49:22.0281 3116 ============================================================
14:49:22.0281 3116 Current date / time: 2012/04/15 14:49:22.0281
14:49:22.0281 3116 SystemInfo:
14:49:22.0281 3116
14:49:22.0281 3116 OS Version: 5.1.2600 ServicePack: 3.0
14:49:22.0281 3116 Product type: Workstation
14:49:22.0281 3116 ComputerName: RRKDELL
14:49:22.0281 3116 UserName: Ronald Keranen
14:49:22.0281 3116 Windows directory: C:\WINDOWS
14:49:22.0281 3116 System windows directory: C:\WINDOWS
14:49:22.0281 3116 Processor architecture: Intel x86
14:49:22.0281 3116 Number of processors: 1
14:49:22.0281 3116 Page size: 0x1000
14:49:22.0281 3116 Boot type: Normal boot
14:49:22.0281 3116 ============================================================
14:49:24.0656 3116 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:49:24.0656 3116 \Device\Harddisk0\DR0:
14:49:24.0656 3116 MBR used
14:49:24.0656 3116 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x94EEEB9
14:49:24.0906 3116 Initialize success
14:49:24.0906 3116 ============================================================
14:49:27.0578 3148 ============================================================
14:49:27.0578 3148 Scan started
14:49:27.0578 3148 Mode: Manual;
14:49:27.0578 3148 ============================================================
14:49:28.0718 3148 Abiosdsk - ok
14:49:28.0734 3148 abp480n5 - ok
14:49:28.0828 3148 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:49:28.0828 3148 ACPI - ok
14:49:29.0484 3148 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:49:29.0484 3148 ACPIEC - ok
14:49:29.0687 3148 adpu160m - ok
14:49:29.0890 3148 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:49:29.0890 3148 aec - ok
14:49:30.0109 3148 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:49:30.0109 3148 AFD - ok
14:49:30.0281 3148 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:49:30.0296 3148 agp440 - ok
14:49:30.0421 3148 Aha154x - ok
14:49:30.0453 3148 aic78u2 - ok
14:49:30.0468 3148 aic78xx - ok
14:49:30.0531 3148 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:49:30.0531 3148 Alerter - ok
14:49:30.0718 3148 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
14:49:30.0718 3148 ALG - ok
14:49:30.0875 3148 AliIde - ok
14:49:30.0906 3148 amsint - ok
14:49:31.0062 3148 Apple Mobile Device (2acfc9242be81ae2356e14e5e05c02bb) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
14:49:31.0062 3148 Apple Mobile Device - ok
14:49:31.0187 3148 AppMgmt - ok
14:49:31.0359 3148 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:49:31.0359 3148 Arp1394 - ok
14:49:31.0453 3148 asc - ok
14:49:31.0625 3148 asc3350p - ok
14:49:31.0781 3148 asc3550 - ok
14:49:32.0031 3148 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
14:49:32.0031 3148 Aspi32 - ok
14:49:32.0296 3148 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:49:32.0296 3148 aspnet_state - ok
14:49:32.0484 3148 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:49:32.0484 3148 AsyncMac - ok
14:49:32.0718 3148 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:49:32.0718 3148 atapi - ok
14:49:32.0843 3148 Atdisk - ok
14:49:32.0937 3148 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:49:32.0937 3148 Atmarpc - ok
14:49:33.0078 3148 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:49:33.0078 3148 AudioSrv - ok
14:49:33.0359 3148 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:49:33.0359 3148 audstub - ok
14:49:33.0593 3148 BCMModem (41347688046d49cde0f6d138a534f73d) C:\WINDOWS\system32\DRIVERS\BCMSM.sys
14:49:33.0625 3148 BCMModem - ok
14:49:33.0828 3148 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:49:33.0828 3148 Beep - ok
14:49:34.0093 3148 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:49:34.0093 3148 BITS - ok
14:49:34.0281 3148 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:49:34.0281 3148 Browser - ok
14:49:34.0484 3148 bvrp_pci - ok
14:49:34.0484 3148 catchme - ok
14:49:34.0687 3148 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:49:34.0687 3148 cbidf2k - ok
14:49:34.0890 3148 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:49:34.0906 3148 CCDECODE - ok
14:49:35.0109 3148 cd20xrnt - ok
14:49:35.0187 3148 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:49:35.0187 3148 Cdaudio - ok
14:49:35.0375 3148 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:49:35.0375 3148 Cdfs - ok
14:49:35.0562 3148 Cdr4_xp (b025339fbc76547db7d9633d83d0706d) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
14:49:35.0562 3148 Cdr4_xp - ok
14:49:35.0734 3148 Cdralw2k (2ede09c61866fac671953576fe4ca3bc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
14:49:35.0734 3148 Cdralw2k - ok
14:49:35.0906 3148 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:49:35.0906 3148 Cdrom - ok
14:49:36.0015 3148 cdudf_xp (072070a498d5fad70c3a99a5f0b1331b) C:\WINDOWS\system32\drivers\cdudf_xp.sys
14:49:36.0031 3148 cdudf_xp - ok
14:49:36.0140 3148 Changer - ok
14:49:36.0312 3148 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
14:49:36.0328 3148 cisvc - ok
14:49:36.0531 3148 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:49:36.0531 3148 ClipSrv - ok
14:49:36.0812 3148 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:49:36.0812 3148 clr_optimization_v2.0.50727_32 - ok
14:49:37.0015 3148 CmdIde - ok
14:49:37.0171 3148 COMSysApp - ok
14:49:37.0390 3148 Cpqarray - ok
14:49:37.0546 3148 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:49:37.0546 3148 CryptSvc - ok
14:49:37.0750 3148 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
14:49:37.0765 3148 ctsfm2k - ok
14:49:37.0906 3148 dac2w2k - ok
14:49:37.0937 3148 dac960nt - ok
14:49:38.0000 3148 DcCam (b1ad007f9a7dd8cfc981958d5c167d2d) C:\WINDOWS\system32\DRIVERS\DcCam.sys
14:49:38.0015 3148 DcCam - ok
14:49:38.0265 3148 DcFpoint (5fd20284caaf112201311619ff89fa44) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
14:49:38.0265 3148 DcFpoint - ok
14:49:38.0437 3148 DCFS2K (867f7e6841b15d32481c3f1b83364e3a) C:\WINDOWS\system32\drivers\dcfs2k.sys
14:49:38.0437 3148 DCFS2K - ok
14:49:38.0656 3148 DcLps (1b889ac45faf088ff2af690779368956) C:\WINDOWS\system32\DRIVERS\DcLps.sys
14:49:38.0656 3148 DcLps - ok
14:49:38.0843 3148 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:49:38.0859 3148 DcomLaunch - ok
14:49:39.0093 3148 DcPTP (47b1ccec23aec5ae6a2005d1a0d8ed65) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
14:49:39.0093 3148 DcPTP - ok
14:49:39.0343 3148 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:49:39.0343 3148 Dhcp - ok
14:49:39.0546 3148 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:49:39.0546 3148 Disk - ok
14:49:39.0703 3148 dmadmin - ok
14:49:39.0843 3148 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:49:39.0859 3148 dmboot - ok
14:49:40.0156 3148 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:49:40.0156 3148 dmio - ok
14:49:40.0359 3148 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:49:40.0359 3148 dmload - ok
14:49:40.0546 3148 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:49:40.0546 3148 dmserver - ok
14:49:40.0750 3148 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:49:40.0750 3148 DMusic - ok
14:49:40.0953 3148 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
14:49:40.0953 3148 Dnscache - ok
14:49:41.0203 3148 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:49:41.0203 3148 Dot3svc - ok
14:49:41.0343 3148 dpti2o - ok
14:49:41.0421 3148 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:49:41.0421 3148 drmkaud - ok
14:49:41.0640 3148 dvd_2K (a3997baab606caa92f27e07bc4f070f0) C:\WINDOWS\system32\drivers\dvd_2K.sys
14:49:41.0640 3148 dvd_2K - ok
14:49:41.0859 3148 E100B (56ab585a307909c4447d5900a10c6bc7) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:49:41.0859 3148 E100B - ok
14:49:42.0125 3148 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:49:42.0125 3148 EapHost - ok
14:49:42.0312 3148 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:49:42.0312 3148 ERSvc - ok
14:49:42.0421 3148 esgiguard - ok
14:49:42.0625 3148 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:49:42.0625 3148 Eventlog - ok
14:49:42.0859 3148 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
14:49:42.0859 3148 EventSystem - ok
14:49:43.0171 3148 Exportit (20ff28fb3b268e7c76b10841a9f81ba4) C:\WINDOWS\system32\DRIVERS\exportit.sys
14:49:43.0171 3148 Exportit - ok
14:49:43.0390 3148 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:49:43.0390 3148 Fastfat - ok
14:49:43.0609 3148 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:49:43.0609 3148 FastUserSwitchingCompatibility - ok
14:49:43.0890 3148 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:49:43.0890 3148 Fdc - ok
14:49:44.0078 3148 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:49:44.0078 3148 Fips - ok
14:49:44.0265 3148 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:49:44.0265 3148 Flpydisk - ok
14:49:44.0453 3148 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:49:44.0453 3148 FltMgr - ok
14:49:44.0703 3148 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:49:44.0703 3148 FontCache3.0.0.0 - ok
14:49:44.0953 3148 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:49:44.0953 3148 Fs_Rec - ok
14:49:45.0171 3148 FTDIBUS (bb5107ca0569c95f2a850722c34d20c9) C:\WINDOWS\system32\drivers\ftdibus.sys
14:49:45.0171 3148 FTDIBUS - ok
14:49:45.0390 3148 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:49:45.0406 3148 Ftdisk - ok
14:49:45.0578 3148 FTSER2K (296be0a1d7c96a7abbede6b97baf96b3) C:\WINDOWS\system32\drivers\ftser2k.sys
14:49:45.0578 3148 FTSER2K - ok
14:49:45.0781 3148 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
14:49:45.0781 3148 gameenum - ok
14:49:46.0000 3148 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:49:46.0000 3148 GEARAspiWDM - ok
14:49:46.0125 3148 getPlus® Helper (78494ae0f93358179b97571b9e76997c) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
14:49:46.0125 3148 getPlus® Helper - ok
14:49:46.0343 3148 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:49:46.0343 3148 Gpc - ok
14:49:46.0578 3148 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
14:49:46.0578 3148 gupdate - ok
14:49:46.0593 3148 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
14:49:46.0593 3148 gupdatem - ok
14:49:46.0843 3148 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:49:46.0859 3148 helpsvc - ok
14:49:47.0156 3148 hidgame (923ee4eef2582909a056904ca8026015) C:\WINDOWS\system32\DRIVERS\hidgame.sys
14:49:47.0156 3148 hidgame - ok
14:49:47.0296 3148 HidServ - ok
14:49:47.0375 3148 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:49:47.0375 3148 HidUsb - ok
14:49:47.0578 3148 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:49:47.0578 3148 hkmsvc - ok
14:49:47.0718 3148 hpn - ok
14:49:47.0734 3148 hpt3xx - ok
14:49:47.0796 3148 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:49:47.0796 3148 HPZid412 - ok
14:49:47.0968 3148 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:49:47.0968 3148 HPZipr12 - ok
14:49:48.0218 3148 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:49:48.0218 3148 HPZius12 - ok
14:49:48.0453 3148 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:49:48.0453 3148 HTTP - ok
14:49:48.0593 3148 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:49:48.0609 3148 HTTPFilter - ok
14:49:48.0750 3148 i2omgmt - ok
14:49:48.0765 3148 i2omp - ok
14:49:48.0843 3148 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:49:48.0843 3148 i8042prt - ok
14:49:49.0015 3148 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:49:49.0015 3148 IDriverT - ok
14:49:49.0328 3148 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:49:49.0343 3148 idsvc - ok
14:49:49.0546 3148 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:49:49.0546 3148 Imapi - ok
14:49:49.0750 3148 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:49:49.0765 3148 ImapiService - ok
14:49:49.0921 3148 ini910u - ok
14:49:50.0156 3148 IntelIde - ok
14:49:50.0359 3148 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:49:50.0359 3148 intelppm - ok
14:49:50.0531 3148 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:49:50.0531 3148 ip6fw - ok
14:49:50.0734 3148 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:49:50.0734 3148 IpFilterDriver - ok
14:49:50.0906 3148 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:49:50.0906 3148 IpInIp - ok
14:49:51.0156 3148 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:49:51.0156 3148 IpNat - ok
14:49:51.0375 3148 iPod Service (83cd5f746b260457def125aeb8783b46) C:\Program Files\iPod\bin\iPodService.exe
14:49:51.0375 3148 iPod Service - ok
14:49:51.0640 3148 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:49:51.0640 3148 IPSec - ok
14:49:51.0781 3148 IPVNMon - ok
14:49:51.0859 3148 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:49:51.0859 3148 IRENUM - ok
14:49:52.0078 3148 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:49:52.0078 3148 isapnp - ok
14:49:52.0265 3148 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:49:52.0265 3148 Kbdclass - ok
14:49:52.0468 3148 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:49:52.0468 3148 kbdhid - ok
14:49:52.0671 3148 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:49:52.0671 3148 kmixer - ok
14:49:52.0890 3148 KodakCCS (4e1060d2f3b745931cf83b3649be8a57) C:\WINDOWS\system32\drivers\KodakCCS.exe
14:49:52.0906 3148 KodakCCS - ok
14:49:53.0187 3148 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:49:53.0187 3148 KSecDD - ok
14:49:53.0375 3148 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:49:53.0375 3148 lanmanserver - ok
14:49:53.0546 3148 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:49:53.0546 3148 lanmanworkstation - ok
14:49:53.0687 3148 lbrtfdc - ok
14:49:53.0859 3148 LightScribeService (e4973b3229e0015345afbe43a8a8eb3b) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:49:53.0859 3148 LightScribeService - ok
14:49:54.0078 3148 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:49:54.0078 3148 LmHosts - ok
14:49:54.0296 3148 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:49:54.0296 3148 Messenger - ok
14:49:54.0468 3148 mmc_2K (e97e3fe03b6f271336cb2fbb24734989) C:\WINDOWS\system32\drivers\mmc_2K.sys
14:49:54.0468 3148 mmc_2K - ok
14:49:54.0718 3148 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:49:54.0734 3148 mnmdd - ok
14:49:54.0906 3148 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
14:49:54.0906 3148 mnmsrvc - ok
14:49:55.0140 3148 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:49:55.0140 3148 Modem - ok
14:49:55.0359 3148 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
14:49:55.0359 3148 MODEMCSA - ok
14:49:55.0546 3148 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:49:55.0546 3148 Mouclass - ok
14:49:55.0765 3148 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:49:55.0765 3148 mouhid - ok
14:49:56.0000 3148 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:49:56.0000 3148 MountMgr - ok
14:49:56.0203 3148 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
14:49:56.0203 3148 MPE - ok
14:49:56.0343 3148 mraid35x - ok
14:49:56.0406 3148 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:49:56.0421 3148 MRxDAV - ok
14:49:56.0718 3148 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:49:56.0718 3148 MRxSmb - ok
14:49:56.0890 3148 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
14:49:56.0890 3148 MSDTC - ok
14:49:57.0156 3148 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:49:57.0156 3148 Msfs - ok
14:49:57.0281 3148 MSIServer - ok
14:49:57.0343 3148 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:49:57.0343 3148 MSKSSRV - ok
14:49:57.0546 3148 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:49:57.0546 3148 MSPCLOCK - ok
14:49:57.0750 3148 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:49:57.0750 3148 MSPQM - ok
14:49:57.0953 3148 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:49:57.0953 3148 mssmbios - ok
14:49:58.0031 3148 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:49:58.0031 3148 MSTEE - ok
14:49:58.0296 3148 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:49:58.0296 3148 Mup - ok
14:49:58.0468 3148 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:49:58.0468 3148 NABTSFEC - ok
14:49:58.0671 3148 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:49:58.0671 3148 napagent - ok
14:49:58.0875 3148 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:49:58.0875 3148 NDIS - ok
14:49:59.0031 3148 ndiscm - ok
14:49:59.0093 3148 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:49:59.0093 3148 NdisIP - ok
14:49:59.0359 3148 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:49:59.0359 3148 NdisTapi - ok
14:49:59.0531 3148 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:49:59.0531 3148 Ndisuio - ok
14:49:59.0718 3148 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:49:59.0718 3148 NdisWan - ok
14:49:59.0890 3148 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:49:59.0890 3148 NDProxy - ok
14:50:00.0093 3148 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:50:00.0093 3148 NetBIOS - ok
14:50:00.0281 3148 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:50:00.0281 3148 NetBT - ok
14:50:00.0453 3148 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:50:00.0453 3148 NetDDE - ok
14:50:00.0468 3148 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:50:00.0468 3148 NetDDEdsdm - ok
14:50:00.0687 3148 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:50:00.0687 3148 Netlogon - ok
14:50:00.0859 3148 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:50:00.0875 3148 Netman - ok
14:50:01.0140 3148 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:50:01.0140 3148 NetTcpPortSharing - ok
14:50:01.0328 3148 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:50:01.0328 3148 NIC1394 - ok
14:50:01.0531 3148 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:50:01.0546 3148 Nla - ok
14:50:01.0750 3148 NMSCFG (847d6d775524fa5e58d851ddec566a12) C:\WINDOWS\system32\drivers\NMSCFG.SYS
14:50:01.0750 3148 NMSCFG - ok
14:50:01.0984 3148 NMSSvc (89f315b13245c3dfda4438694f302b2e) C:\WINDOWS\System32\NMSSvc.exe
14:50:02.0015 3148 NMSSvc - ok
14:50:02.0171 3148 nosGetPlusHelper (9865516d33bc66fddac9db4087d4b6aa) C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
14:50:02.0171 3148 nosGetPlusHelper - ok
14:50:02.0406 3148 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:50:02.0406 3148 Npfs - ok
14:50:02.0609 3148 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:50:02.0625 3148 Ntfs - ok
14:50:02.0828 3148 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
14:50:02.0828 3148 NtLmSsp - ok
14:50:03.0062 3148 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:50:03.0078 3148 NtmsSvc - ok
14:50:03.0343 3148 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:50:03.0343 3148 Null - ok
14:50:03.0578 3148 nv (71dbdc08df86b80511e72953fa1ad6b0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:50:03.0593 3148 nv - ok
14:50:03.0796 3148 NVSvc (5ed834603c36414b579979b3a9c90f54) C:\WINDOWS\system32\nvsvc32.exe
14:50:03.0796 3148 NVSvc - ok
14:50:04.0062 3148 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:50:04.0062 3148 NwlnkFlt - ok
14:50:04.0296 3148 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:50:04.0296 3148 NwlnkFwd - ok
14:50:04.0500 3148 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
14:50:04.0500 3148 NwlnkIpx - ok
14:50:04.0703 3148 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
14:50:04.0703 3148 NwlnkNb - ok
14:50:04.0875 3148 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
14:50:04.0875 3148 NwlnkSpx - ok
14:50:05.0000 3148 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:50:05.0000 3148 ohci1394 - ok
14:50:05.0218 3148 OMCI (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys
14:50:05.0218 3148 OMCI - ok
14:50:05.0421 3148 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
14:50:05.0421 3148 ossrv - ok
14:50:05.0656 3148 P16X (f051107ff80f132882e71e3a5d302ec1) C:\WINDOWS\system32\drivers\P16X.sys
14:50:05.0671 3148 P16X - ok
14:50:05.0828 3148 PalmUSBD - ok
14:50:06.0062 3148 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:50:06.0062 3148 Parport - ok
14:50:06.0250 3148 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:50:06.0250 3148 PartMgr - ok
14:50:06.0453 3148 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:50:06.0453 3148 ParVdm - ok
14:50:06.0656 3148 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:50:06.0656 3148 PCI - ok
14:50:06.0796 3148 PCIDump - ok
14:50:07.0000 3148 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:50:07.0000 3148 PCIIde - ok
14:50:07.0171 3148 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:50:07.0187 3148 Pcmcia - ok
14:50:07.0328 3148 PDCOMP - ok
14:50:07.0343 3148 PDFRAME - ok
14:50:07.0375 3148 PDRELI - ok
14:50:07.0406 3148 PDRFRAME - ok
14:50:07.0421 3148 perc2 - ok
14:50:07.0453 3148 perc2hib - ok
14:50:07.0546 3148 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
14:50:07.0546 3148 PfModNT - ok
14:50:07.0750 3148 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:50:07.0750 3148 PlugPlay - ok
14:50:07.0984 3148 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
14:50:07.0984 3148 Pml Driver HPZ12 - ok
14:50:08.0234 3148 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:50:08.0234 3148 PolicyAgent - ok
14:50:08.0453 3148 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:50:08.0453 3148 PptpMiniport - ok
14:50:08.0734 3148 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:50:08.0734 3148 Processor - ok
14:50:08.0890 3148 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:50:08.0890 3148 ProtectedStorage - ok
14:50:09.0093 3148 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:50:09.0093 3148 Ptilink - ok
14:50:09.0296 3148 pwd_2k (070eddd0e4a5be55dd590d8b30dbff22) C:\WINDOWS\system32\drivers\pwd_2k.sys
14:50:09.0312 3148 pwd_2k - ok
14:50:09.0484 3148 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
14:50:09.0484 3148 PxHelp20 - ok
14:50:09.0609 3148 ql1080 - ok
14:50:09.0625 3148 Ql10wnt - ok
14:50:09.0656 3148 ql12160 - ok
14:50:09.0687 3148 ql1240 - ok
14:50:09.0703 3148 ql1280 - ok
14:50:09.0781 3148 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:50:09.0781 3148 RasAcd - ok
14:50:09.0968 3148 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:50:09.0968 3148 RasAuto - ok
14:50:10.0171 3148 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:50:10.0171 3148 Rasl2tp - ok
14:50:10.0343 3148 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:50:10.0359 3148 RasMan - ok
14:50:10.0546 3148 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:50:10.0546 3148 RasPppoe - ok
14:50:10.0750 3148 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:50:10.0750 3148 Raspti - ok
14:50:10.0953 3148 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:50:10.0953 3148 Rdbss - ok
14:50:11.0187 3148 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:50:11.0187 3148 RDPCDD - ok
14:50:11.0406 3148 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
14:50:11.0406 3148 RDPWD - ok
14:50:11.0593 3148 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:50:11.0593 3148 RDSessMgr - ok
14:50:11.0796 3148 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:50:11.0796 3148 redbook - ok
14:50:11.0984 3148 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:50:11.0984 3148 RemoteAccess - ok
14:50:12.0187 3148 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
14:50:12.0187 3148 RpcLocator - ok
14:50:12.0406 3148 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
14:50:12.0406 3148 RpcSs - ok
14:50:12.0578 3148 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
14:50:12.0593 3148 RSVP - ok
14:50:12.0796 3148 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:50:12.0796 3148 SamSs - ok
14:50:12.0984 3148 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:50:13.0000 3148 SCardSvr - ok
14:50:13.0203 3148 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:50:13.0218 3148 Schedule - ok
14:50:13.0421 3148 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:50:13.0421 3148 Secdrv - ok
14:50:13.0625 3148 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:50:13.0625 3148 seclogon - ok
14:50:13.0828 3148 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:50:13.0843 3148 SENS - ok
14:50:14.0140 3148 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:50:14.0140 3148 serenum - ok
14:50:14.0328 3148 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:50:14.0328 3148 Serial - ok
14:50:14.0531 3148 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:50:14.0531 3148 Sfloppy - ok
14:50:14.0703 3148 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:50:14.0718 3148 SharedAccess - ok
14:50:14.0921 3148 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:50:14.0921 3148 ShellHWDetection - ok
14:50:15.0109 3148 Simbad - ok
14:50:15.0296 3148 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:50:15.0296 3148 SLIP - ok
14:50:15.0515 3148 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:50:15.0515 3148 SONYPVU1 - ok
14:50:15.0671 3148 Sparrow - ok
14:50:15.0843 3148 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:50:15.0843 3148 splitter - ok
14:50:16.0093 3148 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:50:16.0093 3148 Spooler - ok
14:50:16.0296 3148 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:50:16.0296 3148 sr - ok
14:50:16.0484 3148 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:50:16.0484 3148 srservice - ok
14:50:16.0703 3148 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:50:16.0718 3148 Srv - ok
14:50:16.0906 3148 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:50:16.0906 3148 SSDPSRV - ok
14:50:17.0125 3148 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:50:17.0125 3148 stisvc - ok
14:50:17.0406 3148 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:50:17.0406 3148 streamip - ok
14:50:17.0609 3148 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:50:17.0609 3148 swenum - ok
14:50:17.0796 3148 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:50:17.0796 3148 swmidi - ok
14:50:17.0906 3148 SwPrv - ok
14:50:17.0937 3148 symc810 - ok
14:50:17.0968 3148 symc8xx - ok
14:50:17.0984 3148 sym_hi - ok
14:50:18.0015 3148 sym_u3 - ok
14:50:18.0078 3148 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:50:18.0078 3148 sysaudio - ok
14:50:18.0328 3148 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:50:18.0328 3148 SysmonLog - ok
14:50:18.0546 3148 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:50:18.0546 3148 TapiSrv - ok
14:50:18.0734 3148 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:50:18.0750 3148 Tcpip - ok
14:50:18.0937 3148 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:50:18.0937 3148 TDPIPE - ok
14:50:19.0187 3148 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:50:19.0187 3148 TDTCP - ok
14:50:19.0390 3148 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:50:19.0390 3148 TermDD - ok
14:50:19.0578 3148 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:50:19.0578 3148 TermService - ok
14:50:19.0781 3148 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:50:19.0781 3148 Themes - ok
14:50:19.0921 3148 TosIde - ok
14:50:20.0156 3148 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:50:20.0156 3148 TrkWks - ok
14:50:20.0359 3148 UdfReadr_xp (27e66e79fd742c107fdb23280e17d869) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
14:50:20.0375 3148 UdfReadr_xp - ok
14:50:20.0546 3148 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:50:20.0546 3148 Udfs - ok
14:50:20.0703 3148 ultra - ok
14:50:20.0781 3148 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:50:20.0781 3148 Update - ok
14:50:20.0953 3148 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:50:20.0953 3148 upnphost - ok
14:50:21.0140 3148 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:50:21.0140 3148 UPS - ok
14:50:21.0296 3148 USB28xxBGA - ok
14:50:21.0328 3148 USB28xxOEM - ok
14:50:21.0390 3148 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:50:21.0406 3148 usbaudio - ok
14:50:21.0640 3148 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:50:21.0640 3148 usbccgp - ok
14:50:21.0843 3148 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:50:21.0843 3148 usbehci - ok
14:50:22.0093 3148 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:50:22.0109 3148 usbhub - ok
14:50:22.0281 3148 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:50:22.0281 3148 usbprint - ok
14:50:22.0468 3148 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:50:22.0484 3148 usbscan - ok
14:50:22.0671 3148 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:50:22.0671 3148 USBSTOR - ok
14:50:22.0875 3148 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:50:22.0875 3148 usbuhci - ok
14:50:23.0062 3148 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:50:23.0062 3148 VgaSave - ok
14:50:23.0281 3148 ViaIde - ok
14:50:23.0500 3148 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:50:23.0500 3148 VolSnap - ok
14:50:23.0671 3148 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:50:23.0687 3148 VSS - ok
14:50:23.0812 3148 vToolbarUpdater10.2.0 - ok
14:50:24.0078 3148 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:50:24.0093 3148 W32Time - ok
14:50:24.0359 3148 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:50:24.0359 3148 Wanarp - ok
14:50:24.0484 3148 WDICA - ok
14:50:24.0656 3148 Wdm1 (2f4b3c0e58d4a7bd8e38d1cd9ca47691) C:\WINDOWS\system32\Drivers\usbbc.sys
14:50:24.0656 3148 Wdm1 - ok
14:50:24.0859 3148 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:50:24.0859 3148 wdmaud - ok
14:50:25.0078 3148 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:50:25.0078 3148 WebClient - ok
14:50:25.0343 3148 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:50:25.0359 3148 winmgmt - ok
14:50:25.0562 3148 WmBEnum (f379fe2fef948b6e2c112b5810dc4265) C:\WINDOWS\system32\drivers\WmBEnum.sys
14:50:25.0562 3148 WmBEnum - ok
14:50:25.0750 3148 WMDM PMSP Service (581176f60885aef8f78c6e38dcc3cdf9) C:\WINDOWS\System32\MsPMSPSv.exe
14:50:25.0750 3148 WMDM PMSP Service - ok
14:50:25.0921 3148 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:50:25.0921 3148 WmdmPmSN - ok
14:50:26.0156 3148 WmFilter (6f64a9ffb327ad31b40de3df15c7e48c) C:\WINDOWS\system32\drivers\WmFilter.sys
14:50:26.0156 3148 WmFilter - ok
14:50:26.0343 3148 WmHidLo (55f7076de365be6134d006bfd94f01d0) C:\WINDOWS\system32\drivers\WmHidLo.sys
14:50:26.0343 3148 WmHidLo - ok
14:50:26.0453 3148 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
14:50:26.0453 3148 WmiApSrv - ok
14:50:26.0625 3148 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:50:26.0656 3148 WMPNetworkSvc - ok
14:50:26.0906 3148 WmVirHid (b16b3618fe8bc317f6771c44ea31819f) C:\WINDOWS\system32\drivers\WmVirHid.sys
14:50:26.0906 3148 WmVirHid - ok
14:50:27.0156 3148 WmXlCore (deeca36a2f27fbe34ee44c1e95e244fe) C:\WINDOWS\system32\drivers\WmXlCore.sys
14:50:27.0156 3148 WmXlCore - ok
14:50:27.0390 3148 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:50:27.0390 3148 WS2IFSL - ok
14:50:27.0578 3148 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:50:27.0593 3148 wscsvc - ok
14:50:27.0765 3148 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:50:27.0765 3148 WSTCODEC - ok
14:50:28.0000 3148 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:50:28.0015 3148 wuauserv - ok
14:50:28.0203 3148 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:50:28.0203 3148 WudfPf - ok
14:50:28.0406 3148 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:50:28.0406 3148 WudfRd - ok
14:50:28.0609 3148 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:50:28.0609 3148 WudfSvc - ok
14:50:28.0828 3148 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:50:28.0859 3148 WZCSVC - ok
14:50:29.0062 3148 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:50:29.0062 3148 xmlprov - ok
14:50:29.0125 3148 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:50:29.0312 3148 \Device\Harddisk0\DR0 - ok
14:50:29.0328 3148 Boot (0x1200) (d22e50f4323e3824639c3a5e2cf6d1f2) \Device\Harddisk0\DR0\Partition0
14:50:29.0328 3148 \Device\Harddisk0\DR0\Partition0 - ok
14:50:29.0328 3148 ============================================================
14:50:29.0328 3148 Scan finished
14:50:29.0328 3148 ============================================================
14:50:29.0343 2832 Detected object count: 0
14:50:29.0343 2832 Actual detected object count: 0


Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-15 15:04:03
-----------------------------
15:04:03.421 OS Version: Windows 5.1.2600 Service Pack 3
15:04:03.421 Number of processors: 1 586 0x207
15:04:03.421 ComputerName: RRKDELL UserName:
15:04:04.000 Initialize success
15:05:55.125 AVAST engine defs: 12041501
15:06:38.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:06:38.578 Disk 0 Vendor: IC35L080AVVA07-0 VA4OA51A Size: 76293MB BusType: 3
15:06:38.593 Disk 0 MBR read successfully
15:06:38.593 Disk 0 MBR scan
15:06:38.593 Disk 0 Windows XP default MBR code
15:06:38.593 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 31 MB offset 63
15:06:38.609 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76253 MB offset 64260
15:06:38.609 Disk 0 scanning sectors +156232125
15:06:38.703 Disk 0 scanning C:\WINDOWS\system32\drivers
15:06:56.250 Service scanning
15:07:29.312 Modules scanning
15:07:42.406 Disk 0 trace - called modules:
15:07:42.421 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:07:42.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa72ab8]
15:07:42.921 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aab2d98]
15:07:43.359 AVAST engine scan C:\WINDOWS
15:07:59.046 AVAST engine scan C:\WINDOWS\system32
15:12:17.359 AVAST engine scan C:\WINDOWS\system32\drivers
15:12:39.640 AVAST engine scan C:\Documents and Settings\Ronald Keranen
15:30:21.281 AVAST engine scan C:\Documents and Settings\All Users
15:31:36.265 Scan finished successfully
15:33:57.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Ronald Keranen\Desktop\MBR.dat"
15:33:57.109 The log file has been saved successfully to "C:\Documents and Settings\Ronald Keranen\Desktop\aswMBR.txt"


I didn't have any problems running either scan.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:48 PM

Posted 15 April 2012 - 05:14 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
DDS::
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 XXera

XXera
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:48 PM

Posted 15 April 2012 - 06:14 PM

ComboFix 12-04-15.02 - Ronald Keranen 04/15/2012 17:27:54.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1516 [GMT -5:00]
Running from: c:\documents and settings\Ronald Keranen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ronald Keranen\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-14 22:31 . 2012-04-14 23:17 -------- dc----w- C:\sh4ldr
2012-04-14 22:31 . 2012-04-14 22:31 -------- dc----w- c:\program files\Enigma Software Group
2012-04-14 22:26 . 2012-04-14 23:17 -------- dc----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-14 22:24 . 2012-04-14 22:24 -------- dc----w- c:\documents and settings\dell_administrator\Local Settings\Application Data\Temp
2012-04-14 20:25 . 2012-04-14 20:25 -------- dc----w- c:\documents and settings\dell_administrator\Application Data\AVG2012
2012-04-14 15:29 . 2012-04-14 15:29 -------- dc----w- c:\documents and settings\Ronald Keranen\Application Data\AVG2012
2012-04-14 15:28 . 2012-04-15 15:20 -------- dc----w- C:\$AVG
2012-04-13 20:06 . 2012-04-13 20:06 -------- dc----w- c:\documents and settings\Ronald Keranen\Application Data\AVG Secure Search
2012-04-13 20:06 . 2012-04-13 20:06 -------- dc----w- c:\program files\Common Files\AVG Secure Search
2012-04-13 20:05 . 2012-04-13 20:05 -------- dc-h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-04-13 20:04 . 2012-04-15 15:22 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-04-13 20:02 . 2012-04-13 20:02 -------- dc----w- c:\program files\AVG
2012-04-13 19:59 . 2012-04-15 15:21 -------- dc----w- c:\documents and settings\All Users\Application Data\MFAData
2012-04-12 18:23 . 2012-04-12 18:23 -------- dc----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2012-04-11 22:22 . 2012-04-11 22:22 -------- dc----w- c:\documents and settings\Ronald Keranen\Application Data\ElevatedDiagnostics
2012-04-11 22:22 . 2012-04-11 22:22 -------- dc----w- c:\program files\Microsoft ATS
2012-04-11 17:09 . 2012-04-15 18:24 -------- dc----w- c:\documents and settings\Ronald Keranen\Local Settings\Application Data\Local AppWizard-Generated Applications
2012-04-04 05:53 . 2012-04-04 05:53 182160 -c--a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-03-31 16:14 . 2012-03-31 16:14 -------- dc----w- c:\documents and settings\Ronald Keranen\Application Data\OpenOffice.org
2012-03-31 16:11 . 2012-03-31 16:11 -------- dc----w- c:\program files\OpenOffice.org 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:01 . 2004-02-06 23:05 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2002-12-16 05:54 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2002-12-16 05:49 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-06-25 21:50 177664 -c--a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-06-25 21:38 148480 -c----w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 -c----w- c:\windows\system32\html.iec
2012-02-16 03:03 . 2012-04-11 22:22 65304 -c--a-w- c:\windows\apppatch\MATSShim.DLL
2012-02-03 09:22 . 2002-06-25 21:50 1860096 -c--a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2012-02-16 03:01 237072 -c----w- c:\windows\system32\MpSigStub.exe
2002-12-16 04:53 . 2002-12-16 04:53 22528 -c----w- c:\program files\unpnp.exe
2002-12-16 04:48 . 2002-12-16 04:48 16384 -c----w- c:\program files\IP_Agent.exe
2002-12-13 20:21 . 2002-12-13 20:18 8839120 -c----w- c:\program files\AcroReader51_ENU.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-15 1961984]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhoneTray"="c:\program files\Traysoft\PhoneTray\PhoneTray.exe" [2009-12-20 445680]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Ronald Keranen\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\Ronald Keranen\Start Menu\Programs\Startup\AutorunsDisabled
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Outlook.lnk - c:\program files\Outlook Express\msimn.exe [2003-3-3 60416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-12-24 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [N/A]
Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2003-12-11 200704]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-8-11 757760]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\EA Games\\Need For Speed Hot Pursuit 2\\NFSHP2.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2009 5:07 PM 133104]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/17/2009 5:07 PM 133104]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [6/25/2002 4:47 PM 14336]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [9/10/2006 11:42 AM 15576]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 64986138
*NewlyCreated* - ASWMBR
*Deregistered* - 64986138
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2008-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 23:13]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6fab7dcbaa42.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 22:07]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd06ad14e1dbec.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 22:07]
.
2012-04-15 c:\windows\Tasks\User_Feed_Synchronization-{61892116-2167-484C-B2C8-586DAACE0C55}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?complete=0&hl=en
mStart Page = about:blank
uInternet Settings,ProxyOverride = localhost;<local>
uInternet Settings,ProxyServer = 192.168.1.1:1080
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-15 17:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1644491937-1547161642-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2832)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-15 17:39:31
ComboFix-quarantined-files.txt 2012-04-15 22:39
ComboFix2.txt 2012-04-15 18:39
.
Pre-Run: 30,830,772,224 bytes free
Post-Run: 30,937,513,984 bytes free
.
- - End Of File - - BD3735650C0F0968490A5B09A48193EA

1. Once again I didn't have any problems running ComboFix.
2. There were no problems to report.
3. The computer is still running great. I have used Google and Bing and have not seen an unwanted pop ups or been redirected to an unwanted site. It also seems to be a lot faster than it was.

Thanks,
Ronnie

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:48 PM

Posted 15 April 2012 - 08:39 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Java™ 6 Update 2
Java™ 6 Update 22
Java™ 6 Update 29
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 XXera

XXera
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:48 PM

Posted 15 April 2012 - 10:59 PM

1. Here is the log from Malwarebytes:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.15.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ronald Keranen :: RRKDELL [administrator]

4/15/2012 10:23:42 PM
mbam-log-2012-04-15 (22-23-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229797
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


2. Here is the log from Hijack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:36:26 PM, on 4/15/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [PhoneTray] C:\Program Files\Traysoft\PhoneTray\PhoneTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cableone.net
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe (file missing)

--
End of file - 8003 bytes

3. Hijackthis had a couple of errors pop up, wanting me to submit them so they can improve their product. I clicked Yes both times, then Hijackthis continued its scan then recorded its log in Notepad.

4. I still have not been redirected to an unwanted site with Google or Bing. Also, I haven't seen an unwanted pop up ad yet. So far, everything looks great.

As of now, you have made an overwhelming task a lot easier than I expected. I appreciate the clear, up-to-date instructions.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:48 PM

Posted 15 April 2012 - 11:11 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
      O4 - Startup: AutorunsDisabled
      O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
      O4 - Global Startup: AutorunsDisabled
      O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 XXera

XXera
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:48 PM

Posted 16 April 2012 - 01:52 AM

Here is the Eset log. I didn't have the copy/paste option available, but I was able to go into Windows Explorer to locate the log.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=28f64784affb7b49873d78610143f0f0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-16 05:48:13
# local_time=2012-04-16 12:48:13 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 50045999 50045999 0 0
# compatibility_mode=1024 16777175 100 0 117018 117018 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=81449
# found=0
# cleaned=0
# scan_time=4508
esets_scanner_update returned -1 esets_gle=53251


Thanks again for all your help.
Ronnie

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:48 PM

Posted 16 April 2012 - 02:15 AM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 XXera

XXera
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:48 PM

Posted 16 April 2012 - 10:40 AM

Thanks for your suggestions.

After running OTCleanIt, I still had the following on my desktop:

1. SecurityCheck
2. aswMBR and its log,
3. Defogger,
4. HiJackThis, and
5. mbam

I think I will take your advice and keep mbam, but should the others still be there? If not, how do you recommend me removing them?

Ronnie




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users