BANCOS.VO?, google redirect virus


This topic is locked.
20 replies to this topic

#1 dlw8e (Members, 9 posts)

Posted 16 May 2012 - 04:35 AM

For the last week all links clicked on google searches have been redirected to click.get-answers-fast.com. After a few attempts to remove the malware using Symantec Endpoint, I downloaded Adaware Pro and deleted a ton (1200+) of traces from my computer. The redirects have been stopping and starting since then. I have been getting around it by using Opera instead of IE. I went online to look for a removal program/manual to fix the redirect virus and started digging through the registry for the specified settings/keys. I didn't change anything, however. While I was looking around for the culprits of the redirect virus I discovered some strange looking files:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run:

c:\cmos\xln.cpl
c:\cmos\xlr.exe
c:\cmos\xlr2.exe

HKEY_CURRENT_USER\rlx

I found a web site stating that these files could be connected to a trojan called BANCOS.VO. No antivirus program has picked BANCOS.VO up yet, though.

The problems continue and since neither Adaware nor Symantec could fix it, I am worried that I will have to reinstall Windows XP to get it back to how it was last week.

Your help would be much appreciated.

Edited by dlw8e, 16 May 2012 - 04:36 AM.



#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 16 May 2012 - 12:34 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 19 May 2012 - 01:09 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 dlw8e (Topic Starter, Members, 9 posts)

Posted 19 May 2012 - 08:53 PM

Security Check
checkup.txt

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Symantec Endpoint Protection
Ad-Aware Antivirus
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java™ 6 Update 30
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
``````````End of Log````````````

DDS
dds.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Family at 21:45:02 on 2012-05-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.419 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: Lavasoft Ad-Aware *Disabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: contadorvisitas Toolbar: {eaafd3e7-1bcc-4f58-9300-071ef858c219} - c:\program files\contadorvisitas\prxtbcon0.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\documents and settings\family\local settings\application data\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: contadorvisitas Toolbar: {eaafd3e7-1bcc-4f58-9300-071ef858c219} - c:\program files\contadorvisitas\prxtbcon0.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\19.0.1084.46\npchrome_frame.dll
TB: contadorvisitas Toolbar: {eaafd3e7-1bcc-4f58-9300-071ef858c219} - c:\program files\contadorvisitas\prxtbcon0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [xlr] c:\cmos\xlr.exe
uRun: [xlr2] c:\cmos\xlr2.exe
uRun: [xln] c:\cmos\xln.cpl
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Google Update] "c:\documents and settings\family\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exe
uRun: [Adobe] rundll32.exe "c:\documents and settings\family\local settings\application data\apple\adobe\ziczxmipr.dll",DllRegisterServer
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
dRun: [Adobe] rundll32.exe "c:\documents and settings\family\local settings\application data\apple\adobe\ziczxmipr.dll",DllRegisterServer
StartupFolder: c:\docume~1\family\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\documents and settings\family\local settings\application data\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265131897854
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F8EB59EC-35A8-4B59-8F67-B3E19147FED6} - hxxps://www.blockbuster.com/content/v.5.104.1.20110705104201/media/widevine/installer/WidevineMediaTransformer.exe
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{FCF5FE15-879D-4754-8C4B-D78DC726F843} : DhcpNameServer = 10.0.0.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\19.0.1084.46\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\documents and settings\family\local settings\application data\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-5-14 21240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-5-14 335224]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2012-5-14 217976]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2005-10-18 61440]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-17 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-17 108392]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-5-14 77816]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-5-13 2440632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-4 106104]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120518.006\NAVENG.SYS [2012-5-18 87928]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120518.006\NAVEX15.SYS [2012-5-18 1589752]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-5-14 94584]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-5 136176]
S2 SkypeUpdate;Skype Updater;c:\documents and settings\family\local settings\application data\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-5 257696]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2011-5-13 20328]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-5 136176]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-5-14 94584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-5-14 93816]
.
=============== Created Last 30 ================
.
2012-05-16 08:11:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-15 07:00:28 -------- d-----w- c:\program files\MSXML 4.0
2012-05-14 06:33:39 -------- d-----w- c:\documents and settings\family\local settings\application data\adaware
2012-05-14 06:33:37 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2012-05-14 06:33:17 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-05-14 06:33:16 21240 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-05-14 06:33:15 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-05-14 06:33:14 217976 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-05-14 06:32:47 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-05-14 06:32:46 335224 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-05-14 06:32:35 -------- d-----w- c:\windows\system32\drivers\VDD
2012-05-14 06:32:31 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-05-14 04:04:48 -------- d-----w- c:\documents and settings\family\application data\Ad-Aware Antivirus
2012-05-09 22:47:33 -------- d-----w- c:\documents and settings\family\local settings\application data\Opera
2012-05-05 22:14:12 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-03 23:17:07 26 ----a-w- c:\windows\winstart.bat
2012-05-03 23:17:07 222 ----a-w- c:\windows\tmpcpyis.bat
2012-05-03 23:17:07 122 ----a-w- c:\windows\tmpdelis.bat
2012-05-03 23:14:48 299520 ----a-w- c:\windows\uninst.exe
2012-05-03 23:11:49 -------- d-----w- c:\program files\Square Soft, Inc
2012-05-02 13:05:45 -------- d-----w- c:\program files\Sprint_Activation
2012-04-23 11:26:19 -------- d-----w- c:\documents and settings\family\application data\runic games
2012-04-22 23:08:18 -------- d-----w- c:\program files\Runic Games
.
==================== Find3M ====================
.
2012-05-09 23:56:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 21:45:55.23 ===============

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/2/2010 10:50:58 AM
System Uptime: 5/18/2012 2:30:25 AM (43 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | Microprocessor | 1662/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 30.312 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sierra Utilities
SigmaTel Audio
Skype Click to Call
Skype™ 5.5
Skype™ 5.8
Sonic CinePlayer Decoder Pack
Spelling Dictionaries Support For Adobe Reader 9
Steam
Symantec Endpoint Protection
System Requirements Lab for Intel
Torchlight
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VC80CRTRedist - 8.0.50727.4053
Virtual PDF Printer 1.01
WebFldrs XP
Widevine Media Optimizer IE 6.0.0
Widevine Media Transformer Plugin 4.5.0
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
YAMAHA SoftSynthesizer S-YXG70
.
==== Event Viewer Messages From Past Week ========
.
5/14/2012 8:00:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/14/2012 7:31:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/14/2012 7:18:52 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sbaphd SbFw sbtis SPBBCDrv SRTSP SRTSPX SYMTDI Tcpip WPS
5/14/2012 7:17:15 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/14/2012 7:17:15 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/14/2012 7:17:15 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/14/2012 7:17:15 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/14/2012 7:17:15 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/14/2012 7:17:15 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/14/2012 2:48:03 AM, error: Service Control Manager [7000] - The GFI VIPRE Antivirus Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/14/2012 2:48:02 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the GFI VIPRE Antivirus Service service to connect.
5/14/2012 2:24:17 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI
5/13/2012 11:45:26 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
5/12/2012 8:20:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
5/12/2012 8:20:27 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Sorry for taking so long to reply. I have been very busy at work. I am still experiencing the same google redirect problem as 48 hours or so ago. Thank you for your assistance.

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 May 2012 - 09:09 PM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Symantec Endpoint Protection
AV: Lavasoft Ad-Aware


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 dlw8e (Topic Starter)

  • Members
  • 9 posts

Posted 21 May 2012 - 09:13 AM

COMBOFIX
log.txt

ComboFix 12-05-20.10 - Family 05/21/2012 8:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.319 [GMT -4:00]
Running from: c:\documents and settings\Family\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\datagyn
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Family\Local Settings\Application Data\Apple\Adobe\ziczxmipr.dll
c:\documents and settings\Family\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))
.
.
2012-05-21 12:04 . 2012-05-21 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-05-16 08:11 . 2012-05-16 08:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-15 07:00 . 2012-05-15 07:00 -------- d-----w- c:\program files\MSXML 4.0
2012-05-14 11:16 . 2012-05-14 11:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirus
2012-05-14 06:46 . 2012-05-14 06:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-05-14 06:33 . 2012-05-14 06:33 -------- d-----w- c:\documents and settings\Family\Local Settings\Application Data\adaware
2012-05-14 06:33 . 2012-05-14 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-05-09 22:47 . 2012-05-09 22:47 -------- d-----w- c:\documents and settings\Family\Local Settings\Application Data\Opera
2012-05-09 22:47 . 2012-05-13 00:47 -------- d-----w- c:\program files\Opera
2012-05-05 22:14 . 2012-05-09 23:56 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-03 23:17 . 2012-05-03 23:17 222 ----a-w- c:\windows\tmpcpyis.bat
2012-05-03 23:17 . 2012-05-03 23:17 122 ----a-w- c:\windows\tmpdelis.bat
2012-05-03 23:17 . 2012-05-03 23:17 26 ----a-w- c:\windows\winstart.bat
2012-05-03 23:14 . 1997-04-09 00:08 299520 ----a-w- c:\windows\uninst.exe
2012-05-03 23:11 . 2012-05-03 23:11 -------- d-----w- c:\program files\Square Soft, Inc
2012-05-02 13:05 . 2012-05-02 13:05 -------- d-----w- c:\program files\Sprint_Activation
2012-05-02 13:05 . 2012-05-02 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2012-04-23 11:26 . 2012-04-23 11:26 -------- d-----w- c:\documents and settings\Family\Application Data\runic games
2012-04-22 23:08 . 2012-04-22 23:08 -------- d-----w- c:\program files\Runic Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 23:56 . 2011-07-20 22:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-04-14 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{eaafd3e7-1bcc-4f58-9300-071ef858c219}"= "c:\program files\contadorvisitas\prxtbcon0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eaafd3e7-1bcc-4f58-9300-071ef858c219}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eaafd3e7-1bcc-4f58-9300-071ef858c219}]
2011-01-17 14:54 175912 ----a-w- c:\program files\contadorvisitas\prxtbcon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{eaafd3e7-1bcc-4f58-9300-071ef858c219}"= "c:\program files\contadorvisitas\prxtbcon0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eaafd3e7-1bcc-4f58-9300-071ef858c219}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EAAFD3E7-1BCC-4F58-9300-071EF858C219}"= "c:\program files\contadorvisitas\prxtbcon0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eaafd3e7-1bcc-4f58-9300-071ef858c219}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-02 22:31 579072 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-02 22:31 579072 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-05-02 22:31 579072 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-02 22:31 579072 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Steam"="c:\program files\Steam\Steam.exe" [2011-12-12 1242448]
"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-05-02 11396840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-09-11 128232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-17 115560]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2012-02-03 108032]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\documents and settings\Family\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Hexen 2\\glh2.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege II Demo\\DungeonSiege2.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Documents and Settings\\Family\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 5:11 PM 61440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/4/2012 7:13 PM 106104]
S0 cerc6;cerc6; [x]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2012 11:03 AM 136176]
S2 SkypeUpdate;Skype Updater;c:\documents and settings\Family\Local Settings\Application Data\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/5/2012 6:14 PM 257696]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 7:17 PM 23888]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]
S3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [5/13/2011 4:59 PM 20328]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2012 11:03 AM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 23:56]
.
2012-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-05 15:02]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-05 15:02]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-515967899-1606980848-1004Core.job
- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-11 18:08]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-515967899-1606980848-1004UA.job
- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-11 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
DPF: {F8EB59EC-35A8-4B59-8F67-B3E19147FED6} - hxxps://www.blockbuster.com/content/v.5.104.1.20110705104201/media/widevine/installer/WidevineMediaTransformer.exe
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-xlr - c:\cmos\xlr.exe
HKCU-Run-xlr2 - c:\cmos\xlr2.exe
HKCU-Run-xln - c:\cmos\xln.cpl
HKCU-Run-Adobe - c:\documents and settings\Family\Local Settings\Application Data\Apple\Adobe\ziczxmipr.dll
HKU-Default-Run-Adobe - c:\documents and settings\Family\Local Settings\Application Data\Apple\Adobe\ziczxmipr.dll
SafeBoot-Symantec Antvirus
AddRemove-Final Fantasy VII - c:\program files\Square Soft
AddRemove-MCCI Control Installer - c:\program files\EMBARQ\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-21 09:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1232)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-05-21 09:07:08
ComboFix-quarantined-files.txt 2012-05-21 13:07
.
Pre-Run: 33,450,479,616 bytes free
Post-Run: 38,274,445,312 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1D441FA9B9D9EB1444C567FF5BEE5E23

How the computer is doing now

I chose to get rid of all but Symantec and ran ComboFix. It finished successfully and produced a log. It did not reboot the machine. I noticed that the google searches stopped being redirected in IE8. Before running ComboFix I had tried running a google search using the term "montecristo", and when I had tried to go to http://montecristo.com I was redirected to some kind of "click bid" website. I repeated the search and was able to access http://montecristo.com. Excellent! I then tried watching a streaming video on youtube and noticed there was no sound and that the mute button didn't work. I tried opening the volume control from accessories and it said I didn't have a mixer installed. So I rebooted it and I'm able to watch streaming video.

Two questions I have are:
Is the virus gone?
Should I update any programs to prevent the infection from returning? I noticed that ComboFix deleted a weird looking Adobe file, so maybe the way in was via an outdated version of Acrobat...I'm not sure what it was, or what caused it to work, though.

Thanks for your help thus far.

Edited by dlw8e, 21 May 2012 - 09:15 AM.
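The loading points ComboFix listed under "Reg Loading Points" and "ORPHANS REMOVED" in the log above (c:\cmos\xlr.exe, a .cpl registered as a Run value, a .dll under an "Apple\Adobe" folder in the user's Local Settings) are exactly what a defender wants to score mechanically rather than eyeball. The script below is an added example, not ComboFix's own logic and not code from anyone in this thread: it parses those two sections in the shape ComboFix prints them, embeds a constructed sample built from the entries above, and flags each image with a few assumed heuristics (expected top-level folders, non-.exe images registered directly as autostarts, user-writable profile folders, the Default User hive, orphaned values). The weights and folder lists are assumptions, not ComboFix rules.

```python
"""Score autostart entries from a ComboFix log (added example, not ComboFix code)."""
import re
from typing import Dict, List

# Constructed sample in the shape of the log posted above: a few of its
# "Reg Loading Points" values plus the ORPHANS REMOVED lines.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-12-12 1242448]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-05-02 11396840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"="c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-xlr - c:\cmos\xlr.exe
HKCU-Run-xln - c:\cmos\xln.cpl
HKCU-Run-Adobe - c:\documents and settings\Family\Local Settings\Application Data\Apple\Adobe\ziczxmipr.dll
HKU-Default-Run-Adobe - c:\documents and settings\Family\Local Settings\Application Data\Apple\Adobe\ziczxmipr.dll
SafeBoot-Symantec Antvirus
"""

RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\Run)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
ORPHAN_RE = re.compile(r"^(HK\w+(?:-\w+)?)-Run-(\S+) - (.+)$")

# Assumed heuristics (not ComboFix rules): where an XP autostart image is
# normally installed, and which profile folders any user process can write.
EXPECTED_ROOTS = {"program files", "windows", "documents and settings"}
USER_WRITABLE = ("\\local settings\\application data\\",
                 "\\local settings\\temp\\", "\\application data\\")


def parse_autostarts(log_text: str) -> List[Dict[str, str]]:
    """One record per value under a [...\\Run] key, plus each removed Run orphan."""
    entries: List[Dict[str, str]] = []
    run_key = None          # set while inside a [...\Run] section
    in_orphans = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("- - - - ORPHANS REMOVED"):
            in_orphans, run_key = True, None
            continue
        if line.startswith("["):            # any key header ends the previous section
            m = RUN_KEY_RE.match(line)
            run_key, in_orphans = (m.group(1) if m else None), False
            continue
        if in_orphans:
            m = ORPHAN_RE.match(line)
            if m:
                entries.append({"hive": m.group(1), "name": m.group(2),
                                "path": m.group(3), "source": "orphan"})
        elif run_key:
            m = RUN_VALUE_RE.match(line)
            if m:
                entries.append({"hive": run_key, "name": m.group(1),
                                "path": m.group(2), "source": "run"})
    return entries


def score_entry(entry: Dict[str, str]) -> Dict[str, object]:
    """Attach assumed weights and the reasons that fired; higher is worse."""
    path = entry["path"].lower()
    parts = path.split("\\")
    root = parts[1] if len(parts) > 1 else ""
    ext = parts[-1].rsplit(".", 1)[-1] if "." in parts[-1] else ""
    hits = []
    if ext != "exe":   # a .cpl/.dll needs a host like rundll32; odd as a bare Run value
        hits.append((2, f".{ext} registered directly as an autostart image"))
    if root not in EXPECTED_ROOTS:
        hits.append((2, f"launches from unexpected top-level folder c:\\{root}"))
    if any(marker in path for marker in USER_WRITABLE):
        hits.append((1, "image lives in a user-writable profile folder"))
    if entry["hive"].upper().startswith("HKU-DEFAULT"):
        hits.append((1, "set in the Default User hive, inherited by new profiles"))
    if entry["source"] == "orphan":
        hits.append((1, "listed under ORPHANS REMOVED: loading point outlived its image"))
    return {**entry, "score": sum(w for w, _ in hits),
            "reasons": [text for _, text in hits]}


def triage(log_text: str, threshold: int = 2) -> List[Dict[str, object]]:
    """Parse, score and return entries at or above threshold, worst first."""
    scored = [score_entry(e) for e in parse_autostarts(log_text)]
    flagged = [s for s in scored if int(s["score"]) >= threshold]
    return sorted(flagged, key=lambda s: (-int(s["score"]), str(s["path"])))


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit['score']}] {hit['hive']} {hit['name']} -> {hit['path']}")
        for reason in hit["reasons"]:
            print(f"      - {reason}")
```

Run against the sample, the three vendor entries under Program Files and system32 score 0 while the four orphans score 3 to 5; the same parser can be fed a whole ComboFix log, since non-Run keys and non-Run orphan lines are skipped.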


#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 May 2012 - 01:31 PM

Greetings


Two questions I have are:
Is the virus gone?
Should I update any programs to prevent the infection from returning? I noticed that ComboFix deleted a weird looking Adobe file, so maybe the way in was via an outdated version of Acrobat...I'm not sure what it was, or what caused it to work, though.


That was the first step, but it looks good so far.



I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
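The TDSSKiller report requested above is a plain-text log in which each scanned service or driver gets a file line (`name (md5) path`) followed by a verdict line (`name - status`). As an added example, not part of this thread and not TDSSKiller's own code, the Python below parses a report in that line format and pulls out the two things a helper reads first: any verdict other than `ok`, and binaries loaded from a user profile. The sample input is constructed from the format posted later in this thread; `examplesvc`, its all-zero hash and the `suspicious` verdict are placeholders standing in for a non-ok result.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


# One scan result: the service/driver name, the MD5 and on-disk path the tool
# printed for it (None when it logged no file), and the verdict after " - ".
class Entry(NamedTuple):
    name: str
    md5: Optional[str]
    path: Optional[str]
    status: str


# "<hh:mm:ss.ffff> <pid> <name> (<md5>) <path>"  -- the file line
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
# "<hh:mm:ss.ffff> <pid> <name> - <status>"      -- the verdict line
STATUS_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<status>.+)$"
)

# Path fragments meaning the binary lives in a user profile rather than a
# system or program directory (Windows XP and Vista+ layouts).
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Pair each file line with its verdict line, starting after 'Scan started'.

    Lines before the scan marker (tool banner, drive geometry, partition
    table) also contain ' - ' and would otherwise be mistaken for verdicts.
    """
    entries: List[Entry] = []
    # name -> (md5, path) seen on a file line but not yet given a verdict
    pending: Dict[str, Tuple[Optional[str], Optional[str]]] = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Scan started"):
            in_scan = True
            continue
        if not in_scan:
            continue
        m = ENTRY_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = STATUS_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], md5, path, m["status"].strip()))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Sort entries into the buckets an analyst reads first.

    non_ok:            any verdict other than 'ok' (the cure/skip decisions)
    user_profile_path: a service or driver binary loaded from a user profile;
                       legitimate for some updaters, but also where malware
                       persistence often ends up, so it gets a second look
    """
    findings: Dict[str, List[Entry]] = {"non_ok": [], "user_profile_path": []}
    for e in entries:
        if e.status.lower() != "ok":
            findings["non_ok"].append(e)
        if e.path and any(mk in e.path.lower() for mk in USER_PROFILE_MARKERS):
            findings["user_profile_path"].append(e)
    return findings


# Constructed sample in the format posted in this thread. The 'ok' entries are
# copied from the posted log; 'examplesvc', its all-zero hash and the
# 'suspicious' verdict are placeholders standing in for a non-ok result.
SAMPLE_LOG = r"""
08:11:10.0453 2416 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:11:13.0171 2416 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb)
08:11:18.0953 2676 ============================================================
08:11:18.0953 2676 Scan started
08:11:18.0953 2676 Mode: Manual;
08:11:19.0703 2676 Abiosdsk - ok
08:11:19.0781 2676 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:11:19.0781 2676 ACPI - ok
08:11:20.0484 2676 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
08:11:20.0484 2676 Apple Mobile Device - ok
08:11:36.0890 2676 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Documents and Settings\Family\Local Settings\Application Data\Skype\Updater\Updater.exe
08:11:36.0906 2676 SkypeUpdate - ok
08:11:40.0000 2676 examplesvc (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\example.sys
08:11:40.0000 2676 examplesvc - suspicious
"""

if __name__ == "__main__":
    results = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(results)} scanned objects")
    for bucket, items in triage(results).items():
        for e in items:
            print(f"[{bucket}] {e.name}: {e.status} ({e.path})")
```

Feed a full report in by replacing `SAMPLE_LOG` with the file contents; names with spaces (such as "Apple Mobile Device") are handled because the name is matched up to the ` (md5)` or ` - ` separator.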

#8 dlw8e

  • Topic Starter

  • Members
  • 9 posts

Posted 22 May 2012 - 07:44 AM

TDSSKILLER

08:11:10.0453 2416 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:11:10.0937 2416 ============================================================
08:11:10.0937 2416 Current date / time: 2012/05/22 08:11:10.0937
08:11:10.0937 2416 SystemInfo:
08:11:10.0937 2416
08:11:10.0937 2416 OS Version: 5.1.2600 ServicePack: 3.0
08:11:10.0937 2416 Product type: Workstation
08:11:10.0937 2416 ComputerName: DELL-CC59734E1C
08:11:10.0937 2416 UserName: Family
08:11:10.0937 2416 Windows directory: C:\WINDOWS
08:11:10.0937 2416 System windows directory: C:\WINDOWS
08:11:10.0937 2416 Processor architecture: Intel x86
08:11:10.0937 2416 Number of processors: 2
08:11:10.0937 2416 Page size: 0x1000
08:11:10.0937 2416 Boot type: Normal boot
08:11:10.0937 2416 ============================================================
08:11:13.0171 2416 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:11:13.0203 2416 ============================================================
08:11:13.0203 2416 \Device\Harddisk0\DR0:
08:11:13.0203 2416 MBR partitions:
08:11:13.0203 2416 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
08:11:13.0203 2416 ============================================================
08:11:13.0515 2416 C: <-> \Device\Harddisk0\DR0\Partition0
08:11:13.0515 2416 ============================================================
08:11:13.0515 2416 Initialize success
08:11:13.0515 2416 ============================================================
08:11:18.0953 2676 ============================================================
08:11:18.0953 2676 Scan started
08:11:18.0953 2676 Mode: Manual;
08:11:18.0953 2676 ============================================================
08:11:19.0703 2676 Abiosdsk - ok
08:11:19.0703 2676 abp480n5 - ok
08:11:19.0781 2676 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:11:19.0781 2676 ACPI - ok
08:11:19.0828 2676 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:11:19.0843 2676 ACPIEC - ok
08:11:19.0968 2676 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:11:19.0984 2676 AdobeFlashPlayerUpdateSvc - ok
08:11:19.0984 2676 adpu160m - ok
08:11:20.0046 2676 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:11:20.0062 2676 aec - ok
08:11:20.0109 2676 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:11:20.0109 2676 AFD - ok
08:11:20.0125 2676 Aha154x - ok
08:11:20.0125 2676 aic78u2 - ok
08:11:20.0140 2676 aic78xx - ok
08:11:20.0156 2676 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
08:11:20.0156 2676 Alerter - ok
08:11:20.0171 2676 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
08:11:20.0171 2676 ALG - ok
08:11:20.0171 2676 AliIde - ok
08:11:20.0187 2676 amsint - ok
08:11:20.0218 2676 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
08:11:20.0234 2676 ApfiltrService - ok
08:11:20.0281 2676 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
08:11:20.0281 2676 APPDRV - ok
08:11:20.0484 2676 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
08:11:20.0484 2676 Apple Mobile Device - ok
08:11:20.0562 2676 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
08:11:20.0562 2676 AppMgmt - ok
08:11:20.0562 2676 asc - ok
08:11:20.0578 2676 asc3350p - ok
08:11:20.0578 2676 asc3550 - ok
08:11:20.0640 2676 ASFIPmon (a8fd25a183faedd810efcddb8118ca50) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
08:11:20.0640 2676 ASFIPmon - ok
08:11:20.0781 2676 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:11:20.0906 2676 aspnet_state - ok
08:11:20.0953 2676 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:11:20.0968 2676 AsyncMac - ok
08:11:21.0015 2676 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:11:21.0031 2676 atapi - ok
08:11:21.0031 2676 Atdisk - ok
08:11:21.0078 2676 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:11:21.0109 2676 Atmarpc - ok
08:11:21.0156 2676 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
08:11:21.0171 2676 AudioSrv - ok
08:11:21.0234 2676 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:11:21.0234 2676 audstub - ok
08:11:21.0296 2676 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
08:11:21.0312 2676 b57w2k - ok
08:11:21.0343 2676 BASFND (3d87b0484be1093c6614062701f375c5) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
08:11:21.0343 2676 BASFND - ok
08:11:21.0703 2676 BCM43XX (345d38f298368dd6b0df5c4f37457a22) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
08:11:21.0796 2676 BCM43XX - ok
08:11:22.0015 2676 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:11:22.0015 2676 Beep - ok
08:11:22.0093 2676 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
08:11:22.0125 2676 BITS - ok
08:11:22.0296 2676 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
08:11:22.0296 2676 Bonjour Service - ok
08:11:22.0343 2676 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
08:11:22.0375 2676 Browser - ok
08:11:22.0656 2676 catchme - ok
08:11:22.0703 2676 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:11:22.0718 2676 cbidf2k - ok
08:11:22.0765 2676 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:11:22.0765 2676 CCDECODE - ok
08:11:22.0890 2676 ccEvtMgr (4ed0778cf4e1c2406db5fd456f2ed746) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
08:11:22.0890 2676 ccEvtMgr - ok
08:11:22.0906 2676 ccSetMgr (4ed0778cf4e1c2406db5fd456f2ed746) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
08:11:22.0906 2676 ccSetMgr - ok
08:11:22.0906 2676 cd20xrnt - ok
08:11:22.0968 2676 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:11:22.0968 2676 Cdaudio - ok
08:11:23.0031 2676 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:11:23.0031 2676 Cdfs - ok
08:11:23.0093 2676 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:11:23.0093 2676 Cdrom - ok
08:11:23.0093 2676 cerc6 - ok
08:11:23.0109 2676 Changer - ok
08:11:23.0125 2676 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
08:11:23.0140 2676 CiSvc - ok
08:11:23.0171 2676 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
08:11:23.0171 2676 ClipSrv - ok
08:11:23.0265 2676 clr_optimization_v2.0.50727_32 (7fa87325900183197bc9710d1ce4c9fa) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:11:23.0390 2676 clr_optimization_v2.0.50727_32 - ok
08:11:23.0453 2676 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
08:11:23.0453 2676 CmBatt - ok
08:11:23.0453 2676 CmdIde - ok
08:11:23.0515 2676 COH_Mon (86a22dff16e8ca67601044efe6825537) C:\WINDOWS\system32\Drivers\COH_Mon.sys
08:11:23.0515 2676 COH_Mon - ok
08:11:23.0546 2676 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
08:11:23.0546 2676 Compbatt - ok
08:11:23.0546 2676 COMSysApp - ok
08:11:23.0562 2676 Cpqarray - ok
08:11:23.0625 2676 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
08:11:23.0640 2676 cpudrv - ok
08:11:23.0687 2676 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys
08:11:23.0703 2676 cpuz134 - ok
08:11:23.0750 2676 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
08:11:23.0765 2676 CryptSvc - ok
08:11:23.0781 2676 dac2w2k - ok
08:11:23.0781 2676 dac960nt - ok
08:11:23.0906 2676 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:11:23.0921 2676 DcomLaunch - ok
08:11:23.0953 2676 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
08:11:23.0953 2676 Dhcp - ok
08:11:24.0000 2676 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:11:24.0000 2676 Disk - ok
08:11:24.0031 2676 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
08:11:24.0046 2676 DLABMFSM - ok
08:11:24.0046 2676 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
08:11:24.0046 2676 DLABOIOM - ok
08:11:24.0078 2676 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
08:11:24.0093 2676 DLACDBHM - ok
08:11:24.0093 2676 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
08:11:24.0093 2676 DLADResM - ok
08:11:24.0109 2676 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
08:11:24.0109 2676 DLAIFS_M - ok
08:11:24.0125 2676 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
08:11:24.0125 2676 DLAOPIOM - ok
08:11:24.0125 2676 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
08:11:24.0125 2676 DLAPoolM - ok
08:11:24.0140 2676 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
08:11:24.0140 2676 DLARTL_M - ok
08:11:24.0156 2676 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
08:11:24.0156 2676 DLAUDFAM - ok
08:11:24.0171 2676 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
08:11:24.0171 2676 DLAUDF_M - ok
08:11:24.0171 2676 dmadmin - ok
08:11:24.0281 2676 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:11:24.0328 2676 dmboot - ok
08:11:24.0359 2676 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:11:24.0375 2676 dmio - ok
08:11:24.0406 2676 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:11:24.0406 2676 dmload - ok
08:11:24.0468 2676 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
08:11:24.0468 2676 dmserver - ok
08:11:24.0515 2676 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:11:24.0531 2676 DMusic - ok
08:11:24.0593 2676 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
08:11:24.0593 2676 Dnscache - ok
08:11:24.0671 2676 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
08:11:24.0671 2676 Dot3svc - ok
08:11:24.0671 2676 dpti2o - ok
08:11:24.0718 2676 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:11:24.0718 2676 drmkaud - ok
08:11:24.0781 2676 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
08:11:24.0781 2676 DRVMCDB - ok
08:11:24.0828 2676 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
08:11:24.0828 2676 DRVNDDM - ok
08:11:24.0890 2676 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
08:11:24.0890 2676 EapHost - ok
08:11:25.0140 2676 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
08:11:25.0156 2676 eeCtrl - ok
08:11:25.0218 2676 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:11:25.0234 2676 EraserUtilRebootDrv - ok
08:11:25.0296 2676 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
08:11:25.0312 2676 ERSvc - ok
08:11:25.0375 2676 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:11:25.0375 2676 Eventlog - ok
08:11:25.0468 2676 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
08:11:25.0468 2676 EventSystem - ok
08:11:25.0531 2676 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:11:25.0593 2676 Fastfat - ok
08:11:25.0656 2676 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:11:25.0687 2676 FastUserSwitchingCompatibility - ok
08:11:25.0718 2676 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
08:11:25.0734 2676 Fdc - ok
08:11:25.0750 2676 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:11:25.0750 2676 Fips - ok
08:11:25.0765 2676 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
08:11:25.0781 2676 Flpydisk - ok
08:11:25.0843 2676 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
08:11:25.0843 2676 FltMgr - ok
08:11:25.0968 2676 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:11:26.0000 2676 FontCache3.0.0.0 - ok
08:11:26.0062 2676 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:11:26.0062 2676 Fs_Rec - ok
08:11:26.0078 2676 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:11:26.0078 2676 Ftdisk - ok
08:11:26.0125 2676 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:11:26.0125 2676 GEARAspiWDM - ok
08:11:26.0171 2676 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:11:26.0187 2676 Gpc - ok
08:11:26.0250 2676 guardian2 (c0bdab85f3e8b2138c513255e2bcc4d8) C:\WINDOWS\system32\Drivers\oz776.sys
08:11:26.0250 2676 guardian2 - ok
08:11:26.0328 2676 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:11:26.0328 2676 gupdate - ok
08:11:26.0343 2676 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:11:26.0343 2676 gupdatem - ok
08:11:26.0390 2676 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:11:26.0421 2676 HDAudBus - ok
08:11:26.0546 2676 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:11:26.0546 2676 helpsvc - ok
08:11:26.0593 2676 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
08:11:26.0609 2676 HidServ - ok
08:11:26.0687 2676 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:11:26.0687 2676 HidUsb - ok
08:11:26.0718 2676 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
08:11:26.0718 2676 hkmsvc - ok
08:11:26.0718 2676 hpn - ok
08:11:26.0859 2676 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
08:11:26.0875 2676 HSF_DPV - ok
08:11:26.0906 2676 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
08:11:26.0906 2676 HSXHWAZL - ok
08:11:26.0984 2676 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:11:26.0984 2676 HTTP - ok
08:11:27.0046 2676 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
08:11:27.0046 2676 HTTPFilter - ok
08:11:27.0046 2676 i2omgmt - ok
08:11:27.0062 2676 i2omp - ok
08:11:27.0125 2676 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:11:27.0125 2676 i8042prt - ok
08:11:27.0656 2676 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
08:11:27.0921 2676 ialm - ok
08:11:28.0218 2676 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:11:28.0296 2676 idsvc - ok
08:11:28.0390 2676 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:11:28.0390 2676 Imapi - ok
08:11:28.0421 2676 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
08:11:28.0421 2676 ImapiService - ok
08:11:28.0421 2676 ini910u - ok
08:11:28.0437 2676 IntelIde - ok
08:11:28.0500 2676 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:11:28.0500 2676 intelppm - ok
08:11:28.0515 2676 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
08:11:28.0531 2676 Ip6Fw - ok
08:11:28.0609 2676 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:11:28.0625 2676 IpFilterDriver - ok
08:11:28.0640 2676 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:11:28.0656 2676 IpInIp - ok
08:11:28.0687 2676 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:11:28.0687 2676 IpNat - ok
08:11:28.0859 2676 iPod Service (1e6f080d5edb4c3b4c4eb787a0848dcc) C:\Program Files\iPod\bin\iPodService.exe
08:11:28.0875 2676 iPod Service - ok
08:11:28.0937 2676 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:11:28.0937 2676 IPSec - ok
08:11:29.0000 2676 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:11:29.0015 2676 IRENUM - ok
08:11:29.0078 2676 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:11:29.0078 2676 isapnp - ok
08:11:29.0171 2676 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
08:11:29.0171 2676 JavaQuickStarterService - ok
08:11:29.0218 2676 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:11:29.0234 2676 Kbdclass - ok
08:11:29.0296 2676 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:11:29.0296 2676 kmixer - ok
08:11:29.0359 2676 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:11:29.0375 2676 KSecDD - ok
08:11:29.0421 2676 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
08:11:29.0437 2676 LanmanServer - ok
08:11:29.0515 2676 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
08:11:29.0515 2676 lanmanworkstation - ok
08:11:29.0515 2676 lbrtfdc - ok
08:11:29.0953 2676 LiveUpdate (010fd2b41e75a98e3a4d23f44405f5c9) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
08:11:30.0015 2676 LiveUpdate - ok
08:11:30.0187 2676 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
08:11:30.0203 2676 LmHosts - ok
08:11:30.0375 2676 McciCMService (944b3087b142cd9bf8da6b3039fbfba5) C:\Program Files\Common Files\Motive\McciCMService.exe
08:11:30.0390 2676 McciCMService - ok
08:11:30.0546 2676 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
08:11:30.0562 2676 MDM - ok
08:11:30.0671 2676 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
08:11:30.0671 2676 mdmxsdk - ok
08:11:30.0718 2676 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
08:11:30.0718 2676 Messenger - ok
08:11:30.0812 2676 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
08:11:30.0937 2676 Microsoft Office Groove Audit Service - ok
08:11:30.0968 2676 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:11:30.0968 2676 mnmdd - ok
08:11:31.0031 2676 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
08:11:31.0031 2676 mnmsrvc - ok
08:11:31.0062 2676 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:11:31.0062 2676 Modem - ok
08:11:31.0109 2676 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:11:31.0109 2676 Mouclass - ok
08:11:31.0156 2676 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:11:31.0171 2676 mouhid - ok
08:11:31.0187 2676 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:11:31.0187 2676 MountMgr - ok
08:11:31.0187 2676 mraid35x - ok
08:11:31.0250 2676 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
08:11:31.0265 2676 MREMP50 - ok
08:11:31.0281 2676 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
08:11:31.0296 2676 MRESP50 - ok
08:11:31.0328 2676 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:11:31.0328 2676 MRxDAV - ok
08:11:31.0406 2676 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:11:31.0437 2676 MRxSmb - ok
08:11:31.0484 2676 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
08:11:31.0484 2676 MSDTC - ok
08:11:31.0531 2676 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:11:31.0531 2676 Msfs - ok
08:11:31.0531 2676 MSIServer - ok
08:11:31.0578 2676 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:11:31.0593 2676 MSKSSRV - ok
08:11:31.0593 2676 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:11:31.0609 2676 MSPCLOCK - ok
08:11:31.0640 2676 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:11:31.0656 2676 MSPQM - ok
08:11:31.0703 2676 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:11:31.0703 2676 mssmbios - ok
08:11:31.0765 2676 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:11:31.0765 2676 MSTEE - ok
08:11:31.0812 2676 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:11:31.0812 2676 Mup - ok
08:11:31.0859 2676 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:11:31.0875 2676 NABTSFEC - ok
08:11:31.0953 2676 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
08:11:31.0953 2676 napagent - ok
08:11:32.0156 2676 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120521.020\NAVENG.SYS
08:11:32.0156 2676 NAVENG - ok
08:11:32.0296 2676 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120521.020\NAVEX15.SYS
08:11:32.0343 2676 NAVEX15 - ok
08:11:32.0484 2676 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:11:32.0500 2676 NDIS - ok
08:11:32.0578 2676 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:11:32.0578 2676 NdisIP - ok
08:11:32.0625 2676 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:11:32.0625 2676 NdisTapi - ok
08:11:32.0687 2676 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:11:32.0687 2676 Ndisuio - ok
08:11:32.0750 2676 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:11:32.0750 2676 NdisWan - ok
08:11:32.0781 2676 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:11:32.0781 2676 NDProxy - ok
08:11:32.0812 2676 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:11:32.0812 2676 NetBIOS - ok
08:11:32.0875 2676 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:11:32.0890 2676 NetBT - ok
08:11:32.0937 2676 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:11:32.0937 2676 NetDDE - ok
08:11:32.0953 2676 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:11:32.0953 2676 NetDDEdsdm - ok
08:11:32.0953 2676 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:11:32.0953 2676 Netlogon - ok
08:11:33.0000 2676 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:11:33.0031 2676 Netman - ok
08:11:33.0234 2676 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:11:33.0250 2676 NetTcpPortSharing - ok
08:11:33.0500 2676 NICCONFIGSVC (c82dcfcc00c10b91346abb953ff79ee8) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
08:11:33.0515 2676 NICCONFIGSVC - ok
08:11:33.0593 2676 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:11:33.0593 2676 Nla - ok
08:11:33.0640 2676 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:11:33.0640 2676 Npfs - ok
08:11:33.0781 2676 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:11:33.0781 2676 Ntfs - ok
08:11:33.0828 2676 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:11:33.0828 2676 NtLmSsp - ok
08:11:33.0906 2676 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:11:33.0937 2676 NtmsSvc - ok
08:11:33.0984 2676 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:11:33.0984 2676 Null - ok
08:11:34.0046 2676 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:11:34.0062 2676 NwlnkFlt - ok
08:11:34.0078 2676 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:11:34.0093 2676 NwlnkFwd - ok
08:11:34.0281 2676 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:11:34.0343 2676 odserv - ok
08:11:34.0406 2676 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:11:34.0531 2676 ose - ok
08:11:34.0593 2676 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
08:11:34.0593 2676 Parport - ok
08:11:34.0640 2676 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:11:34.0640 2676 PartMgr - ok
08:11:34.0687 2676 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:11:34.0703 2676 ParVdm - ok
08:11:34.0750 2676 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:11:34.0765 2676 PCI - ok
08:11:34.0765 2676 PCIDump - ok
08:11:34.0812 2676 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:11:34.0812 2676 PCIIde - ok
08:11:34.0843 2676 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
08:11:34.0843 2676 Pcmcia - ok
08:11:34.0859 2676 PDCOMP - ok
08:11:34.0875 2676 PDFRAME - ok
08:11:34.0875 2676 PDRELI - ok
08:11:34.0890 2676 PDRFRAME - ok
08:11:34.0890 2676 perc2 - ok
08:11:34.0906 2676 perc2hib - ok
08:11:34.0968 2676 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:11:34.0968 2676 PlugPlay - ok
08:11:35.0000 2676 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:11:35.0000 2676 PolicyAgent - ok
08:11:35.0015 2676 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:11:35.0015 2676 PptpMiniport - ok
08:11:35.0015 2676 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:11:35.0015 2676 ProtectedStorage - ok
08:11:35.0031 2676 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:11:35.0031 2676 PSched - ok
08:11:35.0046 2676 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:11:35.0046 2676 Ptilink - ok
08:11:35.0093 2676 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:11:35.0093 2676 PxHelp20 - ok
08:11:35.0093 2676 ql1080 - ok
08:11:35.0109 2676 Ql10wnt - ok
08:11:35.0109 2676 ql12160 - ok
08:11:35.0125 2676 ql1240 - ok
08:11:35.0125 2676 ql1280 - ok
08:11:35.0187 2676 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:11:35.0187 2676 RasAcd - ok
08:11:44.0953 2676 ============================================================
08:11:44.0953 2676 Scan finished
08:11:44.0953 2676 ============================================================
08:11:44.0968 3436 Detected object count: 0
08:11:44.0968 3436 Actual detected object count: 0

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-22 08:12:50
-----------------------------
08:12:50.921 OS Version: Windows 5.1.2600 Service Pack 3
08:12:50.921 Number of processors: 2 586 0xE08
08:12:50.921 ComputerName: DELL-CC59734E1C UserName: Family
08:12:51.562 Initialize success
08:21:23.203 AVAST engine defs: 12052200
08:22:26.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
08:22:26.578 Disk 0 Vendor: TOSHIBA_MK8052GSX LV011D Size: 76319MB BusType: 3
08:22:26.593 Disk 0 MBR read successfully
08:22:26.593 Disk 0 MBR scan
08:22:26.671 Disk 0 Windows XP default MBR code
08:22:26.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
08:22:26.687 Disk 0 scanning sectors +156296385
08:22:26.828 Disk 0 scanning C:\WINDOWS\system32\drivers
08:22:45.406 Service scanning
08:23:15.203 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
08:23:15.796 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
08:23:20.000 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
08:23:20.078 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
08:23:21.687 Modules scanning
08:23:35.109 Disk 0 trace - called modules:
08:23:35.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:23:35.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ce3ab8]
08:23:35.125 3 CLASSPNP.SYS[f767efd7] -> nt!IofCallDriver -> \Device\0000008b[0x86d873b8]
08:23:35.125 5 ACPI.sys[f7515620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86ce7940]
08:23:35.671 AVAST engine scan C:\WINDOWS
08:24:06.875 AVAST engine scan C:\WINDOWS\system32
08:31:50.265 AVAST engine scan C:\WINDOWS\system32\drivers
08:32:07.734 AVAST engine scan C:\Documents and Settings\Family
08:35:07.421 File: C:\Documents and Settings\Family\Local Settings\Application Data\Apple\Adobe\jlslfn.dll **INFECTED** Win32:Sefnit-GU [Drp]
08:37:04.156 AVAST engine scan C:\Documents and Settings\All Users
08:40:25.218 Scan finished successfully
08:40:36.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Family\Desktop\MBR.dat"
08:40:36.750 The log file has been saved successfully to "C:\Documents and Settings\Family\Desktop\aswMBR.txt"

#9 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:54 PM

Posted 22 May 2012 - 07:52 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 dlw8e

  • Topic Starter

  • Members
  • 9 posts
  • Local time:11:54 PM

Posted 22 May 2012 - 05:58 PM

COMBOFIX

ComboFix 12-05-20.10 - Family 05/22/2012 18:39:58.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.299 [GMT -4:00]
Running from: c:\documents and settings\Family\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Family\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-21 12:04 . 2012-05-21 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
2012-05-16 08:11 . 2012-05-16 08:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-15 07:00 . 2012-05-15 07:00 -------- d-----w- c:\program files\MSXML 4.0
2012-05-14 11:16 . 2012-05-14 11:16 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Ad-Aware Antivirus
2012-05-14 06:46 . 2012-05-14 06:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-05-14 06:33 . 2012-05-14 06:33 -------- d-----w- c:\documents and settings\Family\Local Settings\Application Data\adaware
2012-05-14 06:33 . 2012-05-14 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-05-09 22:47 . 2012-05-09 22:47 -------- d-----w- c:\documents and settings\Family\Local Settings\Application Data\Opera
2012-05-09 22:47 . 2012-05-13 00:47 -------- d-----w- c:\program files\Opera
2012-05-05 22:14 . 2012-05-09 23:56 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-03 23:17 . 2012-05-03 23:17 222 ----a-w- c:\windows\tmpcpyis.bat
2012-05-03 23:17 . 2012-05-03 23:17 122 ----a-w- c:\windows\tmpdelis.bat
2012-05-03 23:17 . 2012-05-03 23:17 26 ----a-w- c:\windows\winstart.bat
2012-05-03 23:14 . 1997-04-09 00:08 299520 ----a-w- c:\windows\uninst.exe
2012-05-03 23:11 . 2012-05-03 23:11 -------- d-----w- c:\program files\Square Soft, Inc
2012-05-02 13:05 . 2012-05-02 13:05 -------- d-----w- c:\program files\Sprint_Activation
2012-05-02 13:05 . 2012-05-02 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2012-04-23 11:26 . 2012-04-23 11:26 -------- d-----w- c:\documents and settings\Family\Application Data\runic games
2012-04-22 23:08 . 2012-04-22 23:08 -------- d-----w- c:\program files\Runic Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 23:56 . 2011-07-20 22:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-04-14 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-21_13.04.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-21 13:47 . 2012-05-21 13:47 16384 c:\windows\Temp\Perflib_Perfdata_ad0.dat
+ 2012-05-21 13:44 . 2012-05-21 13:44 16384 c:\windows\Temp\Perflib_Perfdata_864.dat
+ 2008-06-20 05:12 . 2010-09-11 02:32 167936 c:\windows\system32\drivers\WpsHelper.sys
- 2008-06-20 05:12 . 2011-06-21 21:46 167936 c:\windows\system32\drivers\WpsHelper.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{eaafd3e7-1bcc-4f58-9300-071ef858c219}"= "c:\program files\contadorvisitas\prxtbcon0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eaafd3e7-1bcc-4f58-9300-071ef858c219}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{eaafd3e7-1bcc-4f58-9300-071ef858c219}]
2011-01-17 14:54 175912 ----a-w- c:\program files\contadorvisitas\prxtbcon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{eaafd3e7-1bcc-4f58-9300-071ef858c219}"= "c:\program files\contadorvisitas\prxtbcon0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eaafd3e7-1bcc-4f58-9300-071ef858c219}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EAAFD3E7-1BCC-4F58-9300-071EF858C219}"= "c:\program files\contadorvisitas\prxtbcon0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{eaafd3e7-1bcc-4f58-9300-071ef858c219}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-02 22:31 579072 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-02 22:31 579072 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-05-02 22:31 579072 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-02 22:31 579072 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Steam"="c:\program files\Steam\Steam.exe" [2011-12-12 1242448]
"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-05-02 11396840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-09-11 128232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-17 115560]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2012-02-03 108032]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\documents and settings\Family\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Hexen 2\\glh2.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege II Demo\\DungeonSiege2.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Documents and Settings\\Family\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [10/18/2005 5:11 PM 61440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/4/2012 7:13 PM 106104]
S0 cerc6;cerc6; [x]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2012 11:03 AM 136176]
S2 SkypeUpdate;Skype Updater;c:\documents and settings\Family\Local Settings\Application Data\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/5/2012 6:14 PM 257696]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 7:17 PM 23888]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]
S3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [5/13/2011 4:59 PM 20328]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2012 11:03 AM 136176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 34549101
*Deregistered* - 34549101
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 23:56]
.
2012-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-05 15:02]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-05 15:02]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-515967899-1606980848-1004Core.job
- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-11 18:08]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-515967899-1606980848-1004UA.job
- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-11 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
DPF: {F8EB59EC-35A8-4B59-8F67-B3E19147FED6} - hxxps://www.blockbuster.com/content/v.5.104.1.20110705104201/media/widevine/installer/WidevineMediaTransformer.exe
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-22 18:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1232)
c:\windows\System32\BCMLogon.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-22 18:49:55
ComboFix-quarantined-files.txt 2012-05-22 22:49
ComboFix2.txt 2012-05-21 13:07
.
Pre-Run: 38,170,759,168 bytes free
Post-Run: 38,222,114,816 bytes free
.
- - End Of File - - 0D0299AC3B67FDEAD8EBFF91CD842A51


The Google searches do not seem to be redirecting. In terms of speed, it seems peppier and a little less lagged.

#11 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:54 PM

Posted 22 May 2012 - 06:52 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.5.1
Conduit Engine
Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 dlw8e (Topic Starter)

Posted 23 May 2012 - 03:36 AM

MALWAREBYTES

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.23.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Family :: DELL-CC59734E1C [administrator]

5/23/2012 3:45:57 AM
mbam-log-2012-05-23 (03-45-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231814
Time elapsed: 7 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:00:37 AM, on 5/23/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\MUSHclient\MUSHclient.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: contadorvisitas Toolbar - {eaafd3e7-1bcc-4f58-9300-071ef858c219} - C:\Program Files\contadorvisitas\prxtbcon0.dll
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Documents and Settings\Family\Local Settings\Application Data\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: contadorvisitas - {eaafd3e7-1bcc-4f58-9300-071ef858c219} - C:\Program Files\contadorvisitas\prxtbcon0.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\19.0.1084.46\npchrome_frame.dll
O3 - Toolbar: contadorvisitas Toolbar - {eaafd3e7-1bcc-4f58-9300-071ef858c219} - C:\Program Files\contadorvisitas\prxtbcon0.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Documents and Settings\Family\Local Settings\Application Data\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Documents and Settings\Family\Local Settings\Application Data\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265131897854
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F8EB59EC-35A8-4B59-8F67-B3E19147FED6} (WidevineMediaTransformerPlugin Class) - https://www.blockbuster.com/content/v.5.104.1.20110705104201/media/widevine/installer/WidevineMediaTransformer.exe
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\19.0.1084.46\npchrome_frame.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Documents and Settings\Family\Local Settings\Application Data\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Documents and Settings\Family\Local Settings\Application Data\Skype\Updater\Updater.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12260 bytes


The computer is running faster than it was a few days ago and is still not redirecting google searches.
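The HijackThis log above is the kind of listing the helper reads by eye, line by line. As an added example (not part of this thread, not the helper's method, and not a feature of HijackThis), the Python script below parses the R/O entries of such a log and flags the leads a malware-removal helper checks first: orphaned "(no file)" hooks, search hooks and toolbars, binaries that live under a user-profile data directory (the same kind of location where ESET later found jlslfn.dll), unquoted autostart paths containing spaces, and ActiveX controls pulled over plain HTTP. The sample lines are copied verbatim from the log in this post; the flag rules are this example's own heuristics, and a flag is a lead to research, not a verdict.

```python
"""Triage a HijackThis v2 log. Added example for this thread; it is neither
the helper's method nor a HijackThis feature. The flag rules below are this
script's own heuristics: a flag is a lead to research, not a verdict."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:00:37 AM, on 5/23/2012

R3 - URLSearchHook: contadorvisitas Toolbar - {eaafd3e7-1bcc-4f58-9300-071ef858c219} - C:\Program Files\contadorvisitas\prxtbcon0.dll
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Documents and Settings\Family\Local Settings\Application Data\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: contadorvisitas Toolbar - {eaafd3e7-1bcc-4f58-9300-071ef858c219} - C:\Program Files\contadorvisitas\prxtbcon0.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265131897854
O16 - DPF: {F8EB59EC-35A8-4B59-8F67-B3E19147FED6} (WidevineMediaTransformerPlugin Class) - https://www.blockbuster.com/content/v.5.104.1.20110705104201/media/widevine/installer/WidevineMediaTransformer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "R0".."R3" and "O1".."O24" entries; everything else in the log is ignored.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# First Windows path ending in something that loads or launches; arguments excluded.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:dll|exe|cpl|lnk))', re.I)
# Directories where vendor-installed add-ons and autostarts rarely live, but
# where droppers often do (this example's assumption, not a HijackThis rule).
PROFILE_DATA_DIRS = (
    "\\local settings\\application data\\",
    "\\application data\\",
    "\\temp\\",
)


@dataclass
class Entry:
    section: str            # R0..R3 or O1..O24
    body: str               # text after "Oxx - "
    path: str | None        # first filesystem path found in the body, if any
    flags: list[str] = field(default_factory=list)


def parse(log_text: str) -> list[Entry]:
    """Return one Entry per HijackThis R/O line; header and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        pm = PATH_RE.search(body)
        entries.append(Entry(section, body, pm.group(1) if pm else None))
    return entries


def assess(e: Entry) -> Entry:
    """Attach the leads a helper would check first (heuristics of this example)."""
    low = (e.path or "").lower()
    if "(no file)" in e.body:
        e.flags.append("orphaned: registry points at a file that is gone")
    if e.section in ("R3", "O3"):
        e.flags.append("search hook / toolbar: classic adware foothold")
    if e.path and any(d in low for d in PROFILE_DATA_DIRS):
        e.flags.append("binary lives under a user-profile data directory")
    if e.section == "O4" and e.path and " " in e.path and f'"{e.path}"' not in e.body:
        # CreateProcess on an unquoted C:\Program Files\X Y\a.exe tries
        # C:\Program.exe first, so a writable C:\ lets anyone hijack the autostart.
        e.flags.append("unquoted autostart path containing spaces")
    if e.section == "O16" and re.search(r"\bhttp://", e.body):
        e.flags.append("ActiveX control fetched over plain HTTP")
    return e


def triage(log_text: str) -> list[Entry]:
    """Parse a log and return only the entries that earned at least one flag."""
    return [e for e in map(assess, parse(log_text)) if e.flags]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.section}: {entry.body[:70]}")
        for flag in entry.flags:
            print(f"    -> {flag}")
```

Run it against the log and the Skype BHO gets flagged purely because Skype installs its IE plug-in under Local Settings\Application Data; that is the point of the "lead, not verdict" design: the same rule is what makes a dropper like jlslfn.dll stand out, so the flagged lines are the ones to research, exactly as the helper's "research each of those lines" note says.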

#13 gringo_pr (Bleepin Gringo), Malware Response Team, Puerto Rico

Posted 23 May 2012 - 07:40 AM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. Any of these programs you can click on their icons (or start from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
      O4 - HKCU\..\Run: [KGShareApp] C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe
      O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#14 dlw8e (Topic Starter)

Posted 24 May 2012 - 04:37 AM

ESET RESULTS

C:\Documents and Settings\Family\Local Settings\Application Data\Apple\Adobe\jlslfn.dll a variant of Win32/Kryptik.AFRA trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Family\Local Settings\Application Data\Apple\Adobe\ziczxmipr.dll.vir a variant of Win32/Kryptik.AFRA trojan
C:\System Volume Information\_restore{4CAECEB4-82C7-41DF-A114-B71D846DD15A}\RP532\A0171512.dll a variant of Win32/Kryptik.AFRA trojan

Edited by dlw8e, 24 May 2012 - 04:38 AM.


#15 gringo_pr (Bleepin Gringo), Malware Response Team, Puerto Rico

Posted 24 May 2012 - 10:50 AM

Greetings

There are some things in the online scan I want to remove, so run this script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Documents and Settings\Family\Local Settings\Application Data\Apple\Adobe\jlslfn.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.



"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


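ESET reported three hits, yet only one path went into the File:: section of the CFScript above. The reasoning is that the copy under C:\Qoobox\Quarantine is already a ComboFix quarantine file (the .vir extension keeps it inert), the copy under C:\System Volume Information lives in a restore point and goes away when the restore points are purged, and only the DLL still sitting in Local Settings\Application Data can be loaded. As an added example (not the helper's tool and not ComboFix's own code), the Python script below parses ESET result lines of the form posted in #14, classifies each path that way, and emits the same script the helper wrote. The ClearJavaCache:: and File:: directive names are the ones the post above uses; the result-line regex and the three-way classification are this example's own assumptions, and the result lines are copied verbatim from the thread.

```python
"""Turn ESET Online Scanner result lines into a ComboFix CFScript File:: list.
Added example for this thread; not ComboFix's or the helper's code. The
classification rules and the result-line regex are this script's assumptions."""
from __future__ import annotations

import re

# ESET result lines as posted in this thread (verbatim, one hit per line).
ESET_RESULTS = r"""
C:\Documents and Settings\Family\Local Settings\Application Data\Apple\Adobe\jlslfn.dll a variant of Win32/Kryptik.AFRA trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Family\Local Settings\Application Data\Apple\Adobe\ziczxmipr.dll.vir a variant of Win32/Kryptik.AFRA trojan
C:\System Volume Information\_restore{4CAECEB4-82C7-41DF-A114-B71D846DD15A}\RP532\A0171512.dll a variant of Win32/Kryptik.AFRA trojan
"""

# A path (which may itself contain spaces) followed by whitespace and a verdict.
# The verdict is anchored on ESET's "<family>/<name>" form so that spaces inside
# "Documents and Settings" are not mistaken for the path/verdict boundary.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<verdict>(?:(?:probably )?a variant of\s+)?[A-Za-z0-9]+/\S.*)$"
)


def parse_eset(text: str) -> list[tuple[str, str]]:
    """Return (path, verdict) pairs for every result line that matches."""
    hits = []
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            hits.append((m["path"], m["verdict"]))
    return hits


def classify(path: str) -> str:
    """Decide whether a detected path still needs a File:: entry (example's rules)."""
    low = path.lower()
    if low.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantined"     # ComboFix already moved it; the .vir copy is inert
    if low.startswith("c:\\system volume information\\"):
        return "restore-point"   # gone once the restore points are purged
    return "live"                # still on disk where it can load: needs File::


def build_cfscript(text: str) -> str:
    """Emit the CFScript text: the directives the thread used, live paths under File::."""
    live = [path for path, _ in parse_eset(text) if classify(path) == "live"]
    return "\n".join(["ClearJavaCache::", "", "File::", *live, ""])


if __name__ == "__main__":
    for path, verdict in parse_eset(ESET_RESULTS):
        print(f"{classify(path):14} {verdict:40} {path}")
    print()
    print(build_cfscript(ESET_RESULTS))
```

The output of build_cfscript on the posted results is exactly the script in #15: ClearJavaCache::, a blank line, File::, and the single jlslfn.dll path. The quarantine and restore-point hits are reported by the classifier but deliberately left out, since a File:: entry for them would do nothing useful.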