Infected with Google misdirect malware


This topic is locked. 21 replies to this topic.

#1 LizMiL (Members, 11 posts)

Posted 08 May 2012 - 01:42 PM

Hi, I have an 8 year old Dell PC running XP SP3. It got infected with a trojan horse (AVG called it Generic12) and though I seem to have gotten rid of that, Chrome, Firefox and IE8 are still infected with a Google misdirect virus.

I've run multiple times: AVG Free (twice in offline recovery mode), AntiMalwareBytes, Spybot Search and Destroy, SuperAntiSpyware, TDSSKiller, TrendMicro Housecall.

Please let me know if you need more information. I've never posted on a forum like this before. Thank you.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Walter and Marilyn at 11:40:28 on 2012-05-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.47 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = https://www.rcn.com/boston/customer-center?ref=3
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [4Y3Y0C3A5V0FVY2JIS] c:\rbin\0A50B4EE4BA.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5A4D88EF-6C3B-450B-A029-11C7EB42B8F5} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
.
=============== Created Last 30 ================
.
2012-05-08 14:51:53 -------- dc-h--w- c:\windows\ie8
2012-05-08 14:45:08 -------- d-----w- C:\c8015d7a08f05b9bcc
2012-05-07 23:57:44 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-05-07 23:57:44 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-05-07 23:57:43 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-05-07 23:57:42 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-05-07 23:57:42 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-05-07 23:57:38 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2012-05-07 23:57:37 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-05-07 23:57:29 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2012-05-07 23:57:04 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2012-05-07 23:55:56 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2012-05-07 23:54:59 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
2012-05-07 23:53:56 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
2012-05-07 23:52:59 30495 ----a-w- c:\windows\system32\dllcache\pc100nds.sys
2012-05-07 23:51:55 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2012-05-07 23:51:52 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-05-07 23:51:45 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-05-07 23:51:42 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2012-05-07 23:51:41 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2012-05-07 23:51:30 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2012-05-07 23:51:29 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2012-05-07 23:51:01 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2012-05-07 23:49:57 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-05-07 23:48:59 9216 ----a-w- c:\windows\system32\dllcache\ibmsgnet.dll
2012-05-07 23:47:58 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
2012-05-07 23:46:59 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
2012-05-07 23:45:59 17152 ----a-w- c:\windows\system32\dllcache\cyclad-z.sys
2012-05-07 23:44:59 714698 ----a-w- c:\windows\system32\dllcache\cbmdmkxx.sys
2012-05-07 23:43:59 41472 ----a-w- c:\windows\system32\dllcache\brmfusb.dll
2012-05-07 23:42:47 77568 ----a-w- c:\windows\system32\dllcache\ati.sys
2012-05-07 23:41:34 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-05-01 14:27:33 1409 ----a-w- c:\windows\QTFont.for
2012-04-28 18:10:28 -------- d-----w- c:\documents and settings\walter and marilyn\application data\SUPERAntiSpyware.com
2012-04-28 17:59:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-28 17:59:37 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-04-19 08:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 20:36:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-18 20:36:29 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-04-18 19:26:17 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-13 20:44:23 -------- d-----w- c:\documents and settings\walter and marilyn\application data\AVG2012
2012-04-13 20:24:36 -------- d--h--w- C:\$AVG
2012-04-13 20:24:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-13 20:24:34 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
.
==================== Find3M ====================
.
2012-03-19 09:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 11:43:29.87 ===============
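As an added triage example (my own code, not a tool from this thread, from DDS or from BleepingComputer), the script below reads the "Pseudo HJT Report" lines of the DDS log above and flags the three entries that account for the redirect symptom: the Hosts lines pinning www.google.com and www.bing.com to 94.63.147.x, the autostart `uRun: [4Y3Y0C3A5V0FVY2JIS] c:\rbin\0A50B4EE4BA.exe`, and the DisableTaskMgr policy. The watched-domain list, the expected-directory list and the random-name heuristics are my assumptions, not DDS rules.

```python
# Added example (my own, not a DDS or BleepingComputer tool): triage the
# "Pseudo HJT Report" section of a DDS log for the entries behind a redirect.
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Search/portal domains that a home PC should never pin in its Hosts file (assumed list).
WATCHED_DOMAINS = {"www.google.com", "google.com", "www.bing.com", "bing.com",
                   "www.yahoo.com", "search.yahoo.com"}
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Where legitimate XP autostarts normally live (assumed, lower-case path fragments).
EXPECTED_DIRS = ("\\program files\\", "\\windows\\", "\\documents and settings\\",
                 "\\progra~1\\", "\\docume~1\\")
# Policies that lock the user out of the tools they would use to recover.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "DisableCMD"}

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)\s*$")
RUN_RE = re.compile(r"^([umd]Run(?:Once)?):\s+\[([^\]]*)\]\s*(.*)$")
POLICY_RE = re.compile(r"^dPolicies-system:\s+(\w+)\s*=\s*(\d+)")
# Value name made only of capitals and digits, like 4Y3Y0C3A5V0FVY2JIS.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[A-Z])[A-Z0-9]{10,}$")
# Executable whose base name is a long hex string, like 0A50B4EE4BA.exe.
HEX_EXE_RE = re.compile(r"\\[0-9a-f]{8,}\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str                 # "hosts_hijack", "autostart" or "policy"
    line: str                 # the DDS line that triggered the finding
    reasons: List[str] = field(default_factory=list)


def command_path(value: str) -> str:
    """Extract the executable path from a Run value, honouring quotes."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split(" ")[0]


def check_hosts(line: str) -> Optional[Finding]:
    """Flag a Hosts entry that sends a watched domain anywhere but loopback."""
    m = HOSTS_RE.match(line)
    if not m:
        return None
    ip, host = m.group(1), m.group(2).lower()
    if host in WATCHED_DOMAINS and ip not in LOOPBACK:
        return Finding("hosts_hijack", line,
                       [f"{host} pinned to {ip}; the browser never reaches the real site"])
    return None


def check_run(line: str) -> Optional[Finding]:
    """Flag uRun/mRun/dRun entries with random names or executables in odd places."""
    m = RUN_RE.match(line)
    if not m:
        return None
    name, path = m.group(2), command_path(m.group(3))
    reasons = []
    if RANDOM_NAME_RE.match(name):
        reasons.append("random-looking value name")
    if path:
        low = path.lower()
        if not any(d in low for d in EXPECTED_DIRS):
            reasons.append("executable outside the usual program directories")
        if HEX_EXE_RE.search(low):
            reasons.append("hex-string executable name")
    return Finding("autostart", line, reasons) if reasons else None


def check_policy(line: str) -> Optional[Finding]:
    """Flag a dPolicies-system entry that disables a recovery tool."""
    m = POLICY_RE.match(line)
    if m and m.group(1) in LOCKOUT_POLICIES and m.group(2) != "0":
        return Finding("policy", line, [f"{m.group(1)} is set"])
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run every check over the report lines; findings keep the report's order."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        for check in (check_hosts, check_run, check_policy):
            f = check(line)
            if f:
                findings.append(f)
    return findings


# Lines copied from the DDS report in post #1, benign neighbours included on purpose.
SAMPLE_REPORT = """\
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
uRun: [DellSupport] "c:\\program files\\dell support\\DSAgnt.exe" /startup
uRun: [4Y3Y0C3A5V0FVY2JIS] c:\\rbin\\0A50B4EE4BA.exe
mRun: [AVG_TRAY] "c:\\program files\\avg\\avg2012\\avgtray.exe"
dRunOnce: [<NO NAME>]
dPolicies-system: DisableTaskMgr = 1 (0x1)
TCP: DhcpNameServer = 192.168.1.1
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
""".splitlines()
```

Calling `triage(SAMPLE_REPORT)` returns four findings, in report order: the random-named autostart (three reasons), the DisableTaskMgr policy, and the two Hosts overrides; the benign ctfmon, DellSupport and AVG entries produce nothing.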


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 09 May 2012 - 12:10 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 LizMiL (Topic Starter, Members, 11 posts)

Posted 09 May 2012 - 08:55 PM

Thanks for your fast reply! I followed your instructions and the computer seems repaired. Google is no longer redirecting in Chrome, Firefox or IE8! Would you still like to see the Security Check and Combo Fix logs?

Thank you very much.

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 09 May 2012 - 09:07 PM

Yes, I would like to see the reports. That is only the first step; we will have more work to do to make sure there is nothing else on the computer.


gringo

#5 LizMiL (Topic Starter, Members, 11 posts)

Posted 09 May 2012 - 09:09 PM

Here is the security check log: (I went in the wrong order and disabled AVG before running this, I apologize)

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
SUPERAntiSpyware
Java™ 6 Update 11
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of date!
Adobe Flash Player 10.1.102.64 Flash Player out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````

Here is the combofix log:

ComboFix 12-05-09.01 - Walter and Marilyn 05/09/2012 20:48:36.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.186 [GMT -4:00]
Running from: c:\documents and settings\Walter and Marilyn\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\WALTER~1\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\Walter and Marilyn\Local Settings\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-08 14:51 . 2012-05-08 14:56 -------- dc-h--w- c:\windows\ie8
2012-05-08 14:45 . 2012-05-08 14:57 -------- d-----w- C:\c8015d7a08f05b9bcc
2012-05-07 23:45 . 2001-08-17 17:50 17152 ----a-w- c:\windows\system32\dllcache\cyclad-z.sys
2012-05-07 23:44 . 2001-08-17 17:28 714698 ----a-w- c:\windows\system32\dllcache\cbmdmkxx.sys
2012-05-07 23:43 . 2001-08-18 02:36 41472 ----a-w- c:\windows\system32\dllcache\brmfusb.dll
2012-05-07 23:42 . 2001-08-17 17:57 77568 ----a-w- c:\windows\system32\dllcache\ati.sys
2012-05-01 14:27 . 2012-05-07 21:41 1409 ----a-w- c:\windows\QTFont.for
2012-04-28 18:10 . 2012-04-28 18:10 -------- d-----w- c:\documents and settings\Walter and Marilyn\Application Data\SUPERAntiSpyware.com
2012-04-28 17:59 . 2012-04-28 18:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-28 17:59 . 2012-04-28 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 20:36 . 2012-04-18 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-18 20:36 . 2012-04-18 20:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-18 19:26 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 17:18 . 2012-04-18 17:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2012-04-18 17:13 . 2012-04-18 17:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-04-13 20:44 . 2012-04-13 20:44 -------- d-----w- c:\documents and settings\Walter and Marilyn\Application Data\AVG2012
2012-04-13 20:24 . 2012-04-13 20:24 -------- d-----w- C:\$AVG
2012-04-13 20:24 . 2012-05-10 00:15 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-13 20:24 . 2012-05-01 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-19 09:17 . 2012-02-22 09:25 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-05 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-03-30 290816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-19 77824]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-9-20 24576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-03-15 06:04 122933 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 14:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 14:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 14:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-04-19 19:45 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-04-19 19:45 131072 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 17:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonUpdateAgent]
2010-10-12 19:21 2601912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-05-19 17:44 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-09-20 15:40 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-11 16:26 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-04-20 00:56 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-05 15:52 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\SYSTEM32\DRIVERS\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2/22/2012 5:25 AM 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 9:53 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 9:53 AM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 11:29]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 13:53]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 13:53]
.
2004-10-19 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = https://www.rcn.com/boston/customer-center?ref=3
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-4Y3Y0C3A5V0FVY2JIS - c:\rbin\0A50B4EE4BA.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 21:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(1384)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\windows\SoftwareDistribution\Download\99850d4b678f32ff1b2d282f6458ffe7\update\update.exe
.
**************************************************************************
.
Completion time: 2012-05-09 21:19:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 01:19
.
Pre-Run: 56,351,772,672 bytes free
Post-Run: 56,874,713,088 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
[spybotsd]
timeout.old=30
.
- - End Of File - - 81DAC6A6D038B8B7D21C820E5B64A19B

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:39 AM

Posted 09 May 2012 - 09:18 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 LizMiL

LizMiL
  • Topic Starter

  • Members
  • 11 posts
  • Local time:12:39 AM

Posted 09 May 2012 - 09:23 PM

TDSSKiller report:

22:22:09.0468 0996 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
22:22:10.0187 0996 ============================================================
22:22:10.0187 0996 Current date / time: 2012/05/09 22:22:10.0187
22:22:10.0187 0996 SystemInfo:
22:22:10.0187 0996
22:22:10.0187 0996 OS Version: 5.1.2600 ServicePack: 3.0
22:22:10.0187 0996 Product type: Workstation
22:22:10.0187 0996 ComputerName: ROSENFELD
22:22:10.0187 0996 UserName: Walter and Marilyn
22:22:10.0187 0996 Windows directory: C:\WINDOWS
22:22:10.0187 0996 System windows directory: C:\WINDOWS
22:22:10.0187 0996 Processor architecture: Intel x86
22:22:10.0187 0996 Number of processors: 2
22:22:10.0187 0996 Page size: 0x1000
22:22:10.0187 0996 Boot type: Normal boot
22:22:10.0187 0996 ============================================================
22:22:16.0515 0996 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:22:16.0546 0996 ============================================================
22:22:16.0546 0996 \Device\Harddisk0\DR0:
22:22:16.0546 0996 MBR partitions:
22:22:16.0546 0996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x8DE6AAE
22:22:16.0546 0996 ============================================================
22:22:16.0609 0996 C: <-> \Device\Harddisk0\DR0\Partition0
22:22:16.0609 0996 ============================================================
22:22:16.0609 0996 Initialize success
22:22:16.0609 0996 ============================================================
22:22:19.0250 3876 ============================================================
22:22:19.0250 3876 Scan started
22:22:19.0250 3876 Mode: Manual;
22:22:19.0250 3876 ============================================================
22:22:41.0921 3876 PCIIde - ok
22:22:41.0968 3876 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:22:41.0968 3876 Pcmcia - ok
22:22:41.0968 3876 PDCOMP - ok
22:22:41.0984 3876 PDFRAME - ok
22:22:42.0015 3876 PDRELI - ok
22:22:42.0031 3876 PDRFRAME - ok
22:22:42.0125 3876 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys
22:22:42.0125 3876 perc2 - ok
22:22:42.0140 3876 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys
22:22:42.0140 3876 perc2hib - ok
22:22:42.0203 3876 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:22:42.0203 3876 PlugPlay - ok
22:22:42.0234 3876 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:22:42.0234 3876 PolicyAgent - ok
22:22:42.0281 3876 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:22:42.0281 3876 PptpMiniport - ok
22:22:42.0437 3876 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:22:42.0453 3876 Processor - ok
22:22:42.0453 3876 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:22:42.0453 3876 ProtectedStorage - ok
22:22:42.0500 3876 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:22:42.0500 3876 PSched - ok
22:22:42.0562 3876 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:22:42.0562 3876 Ptilink - ok
22:22:42.0625 3876 PxHelp20 (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:22:42.0625 3876 PxHelp20 - ok
22:22:42.0687 3876 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys
22:22:42.0703 3876 ql1080 - ok
22:22:42.0703 3876 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
22:22:42.0703 3876 Ql10wnt - ok
22:22:42.0718 3876 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys
22:22:42.0718 3876 ql12160 - ok
22:22:42.0734 3876 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys
22:22:42.0734 3876 ql1240 - ok
22:22:42.0750 3876 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys
22:22:42.0765 3876 ql1280 - ok
22:22:42.0781 3876 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:22:42.0781 3876 RasAcd - ok
22:22:42.0984 3876 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:22:42.0984 3876 RasAuto - ok
22:22:43.0015 3876 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:22:43.0031 3876 Rasl2tp - ok
22:22:43.0093 3876 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:22:43.0109 3876 RasMan - ok
22:22:43.0156 3876 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:22:43.0156 3876 RasPppoe - ok
22:22:43.0265 3876 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:22:43.0281 3876 Raspti - ok
22:22:43.0343 3876 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:22:43.0359 3876 Rdbss - ok
22:22:43.0375 3876 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:22:43.0375 3876 RDPCDD - ok
22:22:43.0546 3876 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:22:43.0562 3876 rdpdr - ok
22:22:43.0625 3876 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
22:22:43.0640 3876 RDPWD - ok
22:22:43.0703 3876 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:22:43.0718 3876 RDSessMgr - ok
22:22:43.0828 3876 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:22:43.0828 3876 redbook - ok
22:22:43.0906 3876 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:22:43.0921 3876 RemoteAccess - ok
22:22:43.0968 3876 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
22:22:43.0968 3876 RpcLocator - ok
22:22:44.0109 3876 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:22:44.0109 3876 RpcSs - ok
22:22:44.0171 3876 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
22:22:44.0187 3876 RSVP - ok
22:22:44.0250 3876 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:22:44.0265 3876 SamSs - ok
22:22:44.0390 3876 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:22:44.0390 3876 SASDIFSV - ok
22:22:44.0421 3876 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:22:44.0421 3876 SASKUTIL - ok
22:22:44.0484 3876 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:22:44.0500 3876 SCardSvr - ok
22:22:44.0562 3876 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:22:44.0578 3876 Schedule - ok
22:22:44.0625 3876 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:22:44.0625 3876 Secdrv - ok
22:22:44.0687 3876 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:22:44.0703 3876 seclogon - ok
22:22:44.0718 3876 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:22:44.0718 3876 SENS - ok
22:22:44.0828 3876 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:22:44.0828 3876 serenum - ok
22:22:44.0859 3876 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:22:44.0859 3876 Serial - ok
22:22:44.0921 3876 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:22:44.0937 3876 Sfloppy - ok
22:22:45.0062 3876 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:22:45.0078 3876 SharedAccess - ok
22:22:45.0156 3876 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:22:45.0156 3876 ShellHWDetection - ok
22:22:45.0171 3876 Simbad - ok
22:22:45.0203 3876 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys
22:22:45.0218 3876 sisagp - ok
22:22:45.0328 3876 smwdm (4aa922332433cdeb8b82c072c212e32e) C:\WINDOWS\system32\drivers\smwdm.sys
22:22:45.0359 3876 smwdm - ok
22:22:45.0546 3876 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys
22:22:45.0546 3876 Sparrow - ok
22:22:45.0578 3876 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:22:45.0593 3876 splitter - ok
22:22:45.0640 3876 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:22:45.0656 3876 Spooler - ok
22:22:45.0703 3876 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:22:45.0703 3876 sr - ok
22:22:45.0843 3876 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:22:45.0859 3876 srservice - ok
22:22:45.0937 3876 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:22:45.0953 3876 Srv - ok
22:22:46.0000 3876 sscdbhk5 (7c0c9bdca2d351ff3b4f9b69f99aa995) C:\WINDOWS\system32\drivers\sscdbhk5.sys
22:22:46.0000 3876 sscdbhk5 - ok
22:22:46.0125 3876 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:22:46.0140 3876 SSDPSRV - ok
22:22:46.0156 3876 ssrtln (31726706d54894d5059f7471111a87bb) C:\WINDOWS\system32\drivers\ssrtln.sys
22:22:46.0156 3876 ssrtln - ok
22:22:46.0203 3876 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
22:22:46.0218 3876 StillCam - ok
22:22:46.0296 3876 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:22:46.0468 3876 stisvc - ok
22:22:46.0546 3876 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:22:46.0578 3876 swenum - ok
22:22:46.0609 3876 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:22:46.0609 3876 swmidi - ok
22:22:46.0625 3876 SwPrv - ok
22:22:46.0687 3876 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys
22:22:46.0687 3876 symc810 - ok
22:22:46.0718 3876 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys
22:22:46.0718 3876 symc8xx - ok
22:22:46.0734 3876 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys
22:22:46.0734 3876 sym_hi - ok
22:22:46.0843 3876 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys
22:22:46.0843 3876 sym_u3 - ok
22:22:46.0906 3876 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:22:46.0906 3876 sysaudio - ok
22:22:46.0968 3876 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:22:46.0968 3876 SysmonLog - ok
22:22:47.0078 3876 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:22:47.0093 3876 TapiSrv - ok
22:22:47.0187 3876 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:22:47.0234 3876 Tcpip - ok
22:22:47.0359 3876 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:22:47.0359 3876 TDPIPE - ok
22:22:47.0390 3876 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:22:47.0421 3876 TDTCP - ok
22:22:47.0437 3876 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:22:47.0437 3876 TermDD - ok
22:22:47.0578 3876 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:22:47.0593 3876 TermService - ok
22:22:47.0703 3876 tfsnboio (b0d311f33c5b4a5858e4e6c965a79267) C:\WINDOWS\system32\dla\tfsnboio.sys
22:22:47.0703 3876 tfsnboio - ok
22:22:47.0703 3876 tfsncofs (250f74fce5d1eccb29ad9abeb55f35d8) C:\WINDOWS\system32\dla\tfsncofs.sys
22:22:47.0703 3876 tfsncofs - ok
22:22:47.0718 3876 tfsndrct (e23291934c59e1741ba83582e7a209c0) C:\WINDOWS\system32\dla\tfsndrct.sys
22:22:47.0718 3876 tfsndrct - ok
22:22:47.0765 3876 tfsndres (0d863d020633025f1e4ad3e0e325d503) C:\WINDOWS\system32\dla\tfsndres.sys
22:22:47.0781 3876 tfsndres - ok
22:22:47.0875 3876 tfsnifs (e3e10696663e35062851a376299198bd) C:\WINDOWS\system32\dla\tfsnifs.sys
22:22:47.0890 3876 tfsnifs - ok
22:22:47.0906 3876 tfsnopio (00cc366bdcbd8a9a1c95c1c59900dd9b) C:\WINDOWS\system32\dla\tfsnopio.sys
22:22:47.0921 3876 tfsnopio - ok
22:22:47.0921 3876 tfsnpool (84a91d08f49831e8c24e4d25ddefae87) C:\WINDOWS\system32\dla\tfsnpool.sys
22:22:47.0921 3876 tfsnpool - ok
22:22:47.0968 3876 tfsnudf (55b761c6e2d4fcedac3b46b6c0724830) C:\WINDOWS\system32\dla\tfsnudf.sys
22:22:47.0968 3876 tfsnudf - ok
22:22:47.0984 3876 tfsnudfa (64c6e8c217e30ee595120c66f6e783ba) C:\WINDOWS\system32\dla\tfsnudfa.sys
22:22:47.0984 3876 tfsnudfa - ok
22:22:48.0078 3876 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:22:48.0078 3876 Themes - ok
22:22:48.0203 3876 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys
22:22:48.0203 3876 TosIde - ok
22:22:48.0296 3876 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:22:48.0312 3876 TrkWks - ok
22:22:48.0406 3876 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:22:48.0421 3876 Udfs - ok
22:22:48.0468 3876 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys
22:22:48.0468 3876 ultra - ok
22:22:48.0562 3876 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:22:48.0625 3876 Update - ok
22:22:48.0687 3876 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:22:48.0687 3876 upnphost - ok
22:22:48.0734 3876 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:22:48.0734 3876 UPS - ok
22:22:48.0859 3876 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:22:48.0875 3876 usbccgp - ok
22:22:48.0921 3876 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:22:48.0921 3876 usbehci - ok
22:22:48.0984 3876 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:22:48.0984 3876 usbhub - ok
22:22:49.0062 3876 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:22:49.0062 3876 usbprint - ok
22:22:49.0078 3876 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:22:49.0078 3876 usbscan - ok
22:22:49.0125 3876 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:22:49.0125 3876 USBSTOR - ok
22:22:49.0234 3876 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:22:49.0281 3876 usbuhci - ok
22:22:49.0343 3876 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:22:49.0375 3876 VgaSave - ok
22:22:49.0406 3876 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys
22:22:49.0406 3876 viaagp - ok
22:22:49.0421 3876 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
22:22:49.0421 3876 ViaIde - ok
22:22:49.0531 3876 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:22:49.0578 3876 VolSnap - ok
22:22:49.0656 3876 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:22:49.0703 3876 VSS - ok
22:22:49.0765 3876 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:22:49.0781 3876 w32time - ok
22:22:49.0828 3876 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:22:49.0828 3876 Wanarp - ok
22:22:49.0843 3876 wanatw - ok
22:22:49.0859 3876 WDICA - ok
22:22:50.0046 3876 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:22:50.0078 3876 wdmaud - ok
22:22:50.0171 3876 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:22:50.0171 3876 WebClient - ok
22:22:50.0312 3876 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:22:50.0375 3876 winachsf - ok
22:22:50.0468 3876 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:22:50.0484 3876 winmgmt - ok
22:22:50.0625 3876 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
22:22:50.0625 3876 WmdmPmSN - ok
22:22:50.0671 3876 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
22:22:50.0687 3876 WmiApSrv - ok
22:22:50.0734 3876 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:22:50.0734 3876 WS2IFSL - ok
22:22:50.0812 3876 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:22:50.0812 3876 wscsvc - ok
22:22:50.0890 3876 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:22:50.0906 3876 wuauserv - ok
22:22:50.0968 3876 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:22:50.0984 3876 WZCSVC - ok
22:22:51.0031 3876 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:22:51.0046 3876 xmlprov - ok
22:22:51.0093 3876 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:22:51.0296 3876 \Device\Harddisk0\DR0 - ok
22:22:51.0328 3876 Boot (0x1200) (3cedea68b61a2306d405808abd7d626a) \Device\Harddisk0\DR0\Partition0
22:22:51.0343 3876 \Device\Harddisk0\DR0\Partition0 - ok
22:22:51.0343 3876 ============================================================
22:22:51.0343 3876 Scan finished
22:22:51.0343 3876 ============================================================
22:22:51.0359 1000 Detected object count: 0
22:22:51.0359 1000 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:39 AM

Posted 09 May 2012 - 09:29 PM

That looks very good, and now I would like to see the aswMBR report when you have it ready.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 LizMiL

LizMiL
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:39 AM

Posted 09 May 2012 - 09:33 PM

Yes, running it now, thank you!

#10 LizMiL

LizMiL
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:39 AM

Posted 09 May 2012 - 09:48 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-09 22:26:40
-----------------------------
22:26:40.156 OS Version: Windows 5.1.2600 Service Pack 3
22:26:40.156 Number of processors: 2 586 0x304
22:26:40.171 ComputerName: ROSENFELD UserName:
22:26:40.734 Initialize success
22:32:13.687 AVAST engine defs: 12050901
22:32:35.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:32:35.843 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
22:32:36.046 Disk 0 MBR read successfully
22:32:36.046 Disk 0 MBR scan
22:32:36.578 Disk 0 Windows XP default MBR code
22:32:36.968 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 47 MB offset 63
22:32:37.218 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 72653 MB offset 96390
22:32:37.265 Disk 0 Partition 3 00 DB CP/M / CTOS MSWIN4.1 3584 MB offset 148890420
22:32:38.093 Disk 0 scanning sectors +156232125
22:32:38.828 Disk 0 scanning C:\WINDOWS\system32\drivers
22:33:34.890 Service scanning
22:34:49.875 Modules scanning
22:35:30.562 Disk 0 trace - called modules:
22:35:30.609 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
22:35:30.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83385ab8]
22:35:30.609 3 CLASSPNP.SYS[f87f8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x833ccb00]
22:35:31.234 AVAST engine scan C:\WINDOWS
22:36:30.953 AVAST engine scan C:\WINDOWS\system32
22:40:41.343 AVAST engine scan C:\WINDOWS\system32\drivers
22:41:06.234 AVAST engine scan C:\Documents and Settings\Walter and Marilyn
22:45:11.390 AVAST engine scan C:\Documents and Settings\All Users
22:46:20.656 Scan finished successfully
22:47:00.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Walter and Marilyn\Desktop\MBR.dat"
22:47:00.937 The log file has been saved successfully to "C:\Documents and Settings\Walter and Marilyn\Desktop\aswMBR.txt"
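Two of the logs above describe the same 512-byte sector from different angles: TDSSKiller reports `MBR (0x1B8) (8f558eb6...) \Device\Harddisk0\DR0`, and aswMBR decodes the partition table (Dell Utility at offset 63, the active NTFS partition at offset 96390, a 3584 MB recovery partition at offset 148890420) and saves a copy of the sector as MBR.dat. The script below is an added example for this thread, not code from TDSSKiller, aswMBR or the forum. It reads an MBR image, recomputes the MD5 over the boot-code region so it can be compared with TDSSKiller's value, decodes the partition entries into lines shaped like aswMBR's, and flags the things a bootkit hunt cares about: overlapping entries, more or fewer than one active partition, and unknown partition types. Assumptions: the `0x1B8` in TDSSKiller's line is taken to mean that the first 0x1B8 (440) bytes of the sector, the boot code before the disk signature, were hashed; and the embedded sample MBR is constructed from the partition values aswMBR printed, with zeroed boot code, so its hash is deliberately not expected to equal the real disk's.

```python
"""Offline sanity check of an MBR image such as the MBR.dat that aswMBR saves.

Added example for this thread, not code from TDSSKiller, aswMBR or BleepingComputer.
Assumption: TDSSKiller's "MBR (0x1B8)" line is read as the MD5 of the first 0x1B8
(440) bytes of sector 0, i.e. the boot code before the disk signature. The sample
MBR built below uses the partition values aswMBR printed and zeroed boot code,
so its hash is not expected to match the real disk.
"""
import hashlib
import struct
import sys

SECTOR = 512
MBR_CODE_LEN = 0x1B8            # bytes hashed by TDSSKiller (assumption, see above)
PART_TABLE_OFF = 0x1BE          # four 16-byte entries, followed by 0x55AA
TDSSKILLER_MBR_MD5 = "8f558eb6672622401da993e1e865c861"   # value from the log above

# Partition type IDs that appear in the aswMBR output above
TYPE_NAMES = {0x07: "HPFS/NTFS", 0xDB: "CP/M / CTOS", 0xDE: "Dell Utility"}


def mbr_code_md5(mbr: bytes) -> str:
    """MD5 of the boot-code region, comparable to TDSSKiller's MBR line."""
    return hashlib.md5(mbr[:MBR_CODE_LEN]).hexdigest()


def parse_partition_table(mbr: bytes) -> list:
    """Decode the four primary partition entries, skipping empty slots."""
    if len(mbr) < SECTOR or mbr[SECTOR - 2:SECTOR] != b"\x55\xaa":
        raise ValueError("not a valid MBR: bad length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0 and count == 0:
            continue
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "offset": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def layout_issues(parts: list) -> list:
    """Flag overlaps, an unexpected active-partition count and unknown types."""
    issues = []
    prev_end = 0
    for p in sorted(parts, key=lambda p: p["offset"]):
        if p["offset"] < prev_end:
            issues.append(f"partition {p['index']} overlaps the previous one")
        prev_end = p["offset"] + p["sectors"]
    if sum(p["active"] for p in parts) != 1:
        issues.append("expected exactly one active (0x80) partition")
    for p in parts:
        if p["type_name"] == "unknown":
            issues.append(f"partition {p['index']} has unrecognised type 0x{p['type']:02X}")
    return issues


def describe(mbr: bytes) -> list:
    """Lines in the spirit of aswMBR's 'Disk 0 Partition N ...' output."""
    lines = [f"MBR code MD5 ({MBR_CODE_LEN:#x} bytes): {mbr_code_md5(mbr)}"]
    for p in parse_partition_table(mbr):
        flag = "80 (A)" if p["active"] else "00"
        lines.append(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} "
                     f"{p['size_mb']} MB offset {p['offset']}")
    return lines


def build_sample_mbr() -> bytes:
    """Constructed MBR matching the layout aswMBR reported, with zeroed boot code."""
    entries = [
        (0x00, 0xDE, 63,        96327),      # Dell Utility, 47 MB
        (0x80, 0x07, 96390,     148794030),  # NTFS system partition, 72653 MB, active
        (0x00, 0xDB, 148890420, 7340032),    # recovery partition, 3584 MB
        (0x00, 0x00, 0,         0),          # empty slot
    ]
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    mbr = bytes(MBR_CODE_LEN) + bytes(6) + table + b"\x55\xaa"   # 440 + 6 + 64 + 2 = 512
    assert len(mbr) == SECTOR
    return mbr


if __name__ == "__main__":
    # Usage: python mbr_check.py [MBR.dat]; without a path the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    print("\n".join(describe(data)))
    print("matches TDSSKiller hash:", mbr_code_md5(data) == TDSSKILLER_MBR_MD5)
    for issue in layout_issues(parse_partition_table(data)):
        print("WARNING:", issue)
```

Run against the real MBR.dat, the partition lines should reproduce what aswMBR printed, and the MD5 line should equal TDSSKiller's value only if the 0x1B8-byte reading of that log line is right; a mismatch on an otherwise clean machine is then a reason to check that assumption before suspecting the boot code.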

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:39 AM

Posted 09 May 2012 - 10:12 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 LizMiL

LizMiL
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:39 AM

Posted 10 May 2012 - 07:24 AM

I dropped the script over the ComboFix program and it ran, but first it asked if I wanted to update to a new version of ComboFix and I clicked Yes; I hope that was OK. The computer still seems to be running correctly, no longer redirecting from Google in all three browsers I have loaded.

Here is the log:

ComboFix 12-05-10.02 - Walter and Marilyn 05/10/2012 7:53.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.148 [GMT -4:00]
Running from: c:\documents and settings\Walter and Marilyn\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Walter and Marilyn\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-10 01:16 . 2012-05-10 01:16 -------- d-----w- c:\windows\LastGood
2012-05-08 14:51 . 2012-05-08 14:56 -------- dc-h--w- c:\windows\ie8
2012-05-08 14:45 . 2012-05-08 14:57 -------- d-----w- C:\c8015d7a08f05b9bcc
2012-05-07 23:47 . 2001-08-17 16:12 19594 ----a-w- c:\windows\system32\dllcache\e100isa4.sys
2012-05-07 23:47 . 2001-08-17 16:12 50719 ----a-w- c:\windows\system32\dllcache\e1000nt5.sys
2012-05-07 23:45 . 2001-08-17 17:50 17152 ----a-w- c:\windows\system32\dllcache\cyclad-z.sys
2012-05-07 23:44 . 2001-08-17 17:28 714698 ----a-w- c:\windows\system32\dllcache\cbmdmkxx.sys
2012-05-07 23:43 . 2001-08-18 02:36 41472 ----a-w- c:\windows\system32\dllcache\brmfusb.dll
2012-05-07 23:42 . 2001-08-17 17:57 77568 ----a-w- c:\windows\system32\dllcache\ati.sys
2012-05-01 14:27 . 2012-05-07 21:41 1409 ----a-w- c:\windows\QTFont.for
2012-04-28 18:10 . 2012-04-28 18:10 -------- d-----w- c:\documents and settings\Walter and Marilyn\Application Data\SUPERAntiSpyware.com
2012-04-28 17:59 . 2012-04-28 18:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-28 17:59 . 2012-04-28 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 20:36 . 2012-04-18 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-18 20:36 . 2012-04-18 20:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-18 19:26 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 17:18 . 2012-04-18 17:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2012-04-18 17:13 . 2012-04-18 17:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-04-13 20:44 . 2012-04-13 20:44 -------- d-----w- c:\documents and settings\Walter and Marilyn\Application Data\AVG2012
2012-04-13 20:24 . 2012-04-13 20:24 -------- d-----w- C:\$AVG
2012-04-13 20:24 . 2012-05-10 00:15 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-13 20:24 . 2012-05-01 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-19 09:17 . 2012-02-22 09:25 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-04-21 01:19 . 2012-05-10 01:36 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-05 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-03-30 290816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-19 77824]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2004-04-19 131072]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-9-20 24576]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-03-15 06:04 122933 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 14:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 14:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 14:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-04-19 19:45 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-04-19 19:45 131072 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2003-06-18 17:00 200704 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonUpdateAgent]
2010-10-12 19:21 2601912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-05-19 17:44 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2004-09-20 15:40 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-11 16:26 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-04-20 00:56 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-05 15:52 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 21:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\SYSTEM32\DRIVERS\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2/22/2012 5:25 AM 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 9:53 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 9:53 AM 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/9/2012 9:36 PM 129976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 49936132
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
*Deregistered* - 49936132
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 11:29]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 13:53]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 13:53]
.
2004-10-19 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = https://www.rcn.com/boston/customer-center?ref=3
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Walter and Marilyn\Application Data\Mozilla\Firefox\Profiles\q4xuhayc.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-10 08:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(660)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(4064)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-05-10 08:12:04
ComboFix-quarantined-files.txt 2012-05-10 12:11
ComboFix2.txt 2012-05-10 01:19
.
Pre-Run: 56,644,722,688 bytes free
Post-Run: 56,758,497,280 bytes free
.
- - End Of File - - 2970996D9881C01E25AF3260BEB86BB7

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 May 2012 - 07:56 AM

double post :crazy:

Edited by gringo_pr, 10 May 2012 - 08:07 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 May 2012 - 07:57 AM

Hello LizMiL

You are doing a great job!! :thumbup2:

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 7.0.9
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 11
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Viewpoint Media Player


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java.

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 LizMiL

LizMiL
  • Topic Starter

  • Members
  • 11 posts

Posted 10 May 2012 - 08:24 AM

OK, uninstalling programs now.

Two questions:

What is "Internet Explorer Default Page"? I don't see anything with that exact name in the Revo window. Is it IE8?

Also, if I get a dialog box that the uninstall is not complete until restart, should I restart right then or can I wait until all programs are uninstalled then restart?

Thank you.



