CPU maxing out problem


  • This topic is locked
28 replies to this topic

#1 GrandReaper

GrandReaper

  • Members
  • 26 posts
  • OFFLINE
  • Local time:08:06 AM

Posted 23 May 2012 - 01:26 PM

Up until this one I've always managed to clean up any infections on my computer myself despite a lack of tech savvy (go internet), but this one has me stumped. Here are the logs I've gathered:

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Administrator at 20:58:45 on 2012-05-21
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2046.1462 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\32788R22FWJFW\cmd.3XE
C:\32788R22FWJFW\NirCmd.3XE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - c:\program files\gamesbar\2.0.1.55\oberontb.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - c:\program files\gamesbar\2.0.1.55\oberontb.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\2.0.1.55\oberontb.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265758498718
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{19C70013-2BD9-4A0C-B425-A8B30EBC3580} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [2007-8-29 116264]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-5-15 36000]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-5-15 86224]
S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-5-15 110032]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-5-15 83392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 257696]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2012-2-13 33792]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 129976]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-22 00:31:31 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2012-05-21 23:52:24 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-05-21 23:52:20 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2012-05-21 19:44:36 -------- d-----w- c:\windows\pss
2012-05-21 19:40:16 -------- d-----w- c:\windows\system32\appmgmt
2012-05-17 00:43:18 956160 ----a-w- c:\windows\system32\ativvamv.dll
2012-05-17 00:38:54 -------- d-----w- C:\AMD
2012-05-15 16:22:54 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-15 16:22:54 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-15 16:22:50 -------- d-----w- c:\program files\Avira
2012-05-15 16:22:50 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-05-15 04:12:30 -------- d-----w- c:\program files\Diablo III
2012-05-04 23:15:36 -------- d-----w- c:\documents and settings\all users\application data\MumboJumbo
2012-05-04 22:44:31 -------- d-----w- c:\program files\MumboJumbo
2012-05-04 22:44:09 -------- d-----w- c:\documents and settings\all users\application data\GamesBar
2012-05-04 22:44:06 -------- d-----w- c:\program files\GamesBar
2012-05-04 22:44:06 -------- d-----w- c:\program files\common files\Oberon Media
2012-05-04 22:44:06 -------- d-----w- c:\documents and settings\all users\application data\Oberon Media
2012-05-03 15:25:41 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 15:25:39 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-03 15:25:39 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-24 04:35:49 -------- d-----w- c:\program files\World of Warcraft Beta
.
==================== Find3M ====================
.
2012-05-05 05:03:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 05:03:14 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 02:31:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-14 02:31:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-11 13:12:06 1862272 ------w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-06 05:16:18 7746048 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2012-04-06 03:28:20 19976192 ----a-w- c:\windows\system32\atioglxx.dll
2012-04-06 03:21:04 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 03:20:02 305664 ----a-w- c:\windows\system32\ati2dvag.dll
2012-04-06 02:59:46 217088 ----a-w- c:\windows\system32\atipdlxx.dll
2012-04-06 02:59:36 159744 ----a-w- c:\windows\system32\Oemdspif.dll
2012-04-06 02:59:30 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2012-04-06 02:59:24 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-04-06 02:59:14 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2012-04-06 02:58:04 647168 ----a-w- c:\windows\system32\ati2evxx.exe
2012-04-06 02:56:58 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2012-04-06 02:56:24 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:52:32 847872 ----a-w- c:\windows\system32\atikvmag.dll
2012-04-06 02:48:36 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 02:48:22 17408 ----a-w- c:\windows\system32\atitvo32.dll
2012-04-06 02:47:54 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 02:43:36 888832 ----a-w- c:\windows\system32\ati2cqag.dll
2012-04-06 02:42:10 638976 ----a-w- c:\windows\system32\atiok3x2.dll
2012-04-06 02:36:28 5374560 ----a-w- c:\windows\system32\ati3duag.dll
2012-04-06 02:24:36 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2012-04-06 02:11:58 3900800 ----a-w- c:\windows\system32\ativvaxx.dll
2012-04-06 01:51:20 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-04-06 01:51:20 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-10 13:08:52 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 21:01:24.54 ===============


GMER log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-22 16:57:10
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Scsi\SI3112r1Port2Path1Target0Lun0 ST310005 rev.CC38
Running: GMER.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kgndraod.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[224] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[272] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[272] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[272] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[272] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[272] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[272] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[272] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[272] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[272] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[272] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[272] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[272] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[272] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[936] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1756] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1852] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1852] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1852] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1852] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1852] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E53AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1852] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E52E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1852] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1852] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E51B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1852] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E5214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1852] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1852] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E5276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1852] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1852] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E5717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFD 0x16 0x72 0x39 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFD 0x16 0x72 0x39 ...

---- EOF - GMER 1.0.15 ----


Even a MBAM log
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.21.06

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: HOME-326C25185E [administrator]

21/05/2012 8:09:48 PM
mbam-log-2012-05-21 (20-09-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212824
Time elapsed: 14 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Any help is MUCH appreciated!
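The DDS log above is what the helpers read by hand; the following added example (not a BleepingComputer or DDS tool, and not part of the original post) shows how an analyst might pre-triage such a log: split it into its "=====" sections, flag running processes that warrant a second look, and list the IE add-ons (BHO/TB lines). The sample is a constructed excerpt modelled on the posted log, the path and extension checks are heuristics, and a hit means "verify", not "malicious" (the .3XE images under a random-named root folder, for instance, are ComboFix's own working files, which the poster says he had started).

```python
"""Triage helpers for a DDS log: split it into its '=====' sections, flag
running processes that deserve a second look, and list the IE add-ons
(BHO/TB lines) from the Pseudo HJT Report."""
import re
from typing import Dict, List

# Constructed excerpt, modelled on the DDS log posted above (not the full log).
SAMPLE_DDS = r"""
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\32788R22FWJFW\cmd.3XE
C:\32788R22FWJFW\NirCmd.3XE
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - c:\program files\gamesbar\2.0.1.55\oberontb.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
.
============= FINISH: 21:01:24.54 ===============
"""

# "============== Section Name ===============" header lines.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "BHO: Name: {clsid} - path" and "TB: Name: {clsid} - path" entries.
ADDON_RE = re.compile(r"^(BHO|TB): (.+?): \{([0-9A-Fa-f-]+)\} - (.+)$")
# Directories DDS normally lists system and application images under.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group log lines under the '=== Name ===' header that precedes them.
    DDS pads its sections with lone '.' lines; those are dropped."""
    sections: Dict[str, List[str]] = {}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def flag_processes(lines: List[str]) -> List[Dict[str, object]]:
    """Return the process entries that have at least one reason to look closer.
    Heuristics only: a hit means 'verify against known tools', not 'malicious'
    (the .3XE images in the sample are ComboFix's own working files)."""
    flagged = []
    for line in lines:
        # Drop command-line switches such as '-k netsvcs' to isolate the image path.
        image = re.split(r"\s+[-/]", line, maxsplit=1)[0].strip()
        name = image.rsplit("\\", 1)[-1]
        ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
        reasons = []
        if "\\" not in image:
            reasons.append("bare image name: DDS could not resolve the full path")
        else:
            if not image.lower().startswith(TRUSTED_ROOTS):
                reasons.append("runs from outside Windows/Program Files")
            if ext and ext != "exe":
                reasons.append(f"unusual image extension .{ext}")
        if reasons:
            flagged.append({"image": image, "reasons": reasons})
    return flagged


def list_browser_addons(lines: List[str]) -> List[Dict[str, str]]:
    """Extract BHO (browser helper object) and TB (toolbar) entries:
    the add-on name, its CLSID and the DLL that implements it."""
    addons = []
    for line in lines:
        m = ADDON_RE.match(line)
        if m:
            kind, name, clsid, path = m.groups()
            addons.append({"type": kind, "name": name, "clsid": clsid, "path": path})
    return addons


def triage(text: str) -> Dict[str, object]:
    """Run both checks over a whole DDS log and return the findings."""
    sections = parse_sections(text)
    return {
        "flagged_processes": flag_processes(sections.get("Running Processes", [])),
        "browser_addons": list_browser_addons(sections.get("Pseudo HJT Report", [])),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for entry in report["flagged_processes"]:
        print(entry["image"], "->", "; ".join(entry["reasons"]))
    for addon in report["browser_addons"]:
        print(f'{addon["type"]}: {addon["name"]} [{addon["clsid"]}] {addon["path"]}')
```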


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:06 AM

Posted 24 May 2012 - 07:15 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 GrandReaper

GrandReaper
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:08:06 AM

Posted 24 May 2012 - 07:34 PM

Thanks for the help. Note: I had been rash earlier and started Combofix (I did NOT run it though) and it warned me that my Avira was active. This seemed weird since I was in Safe Mode, so I opened Avira and it said it was disabled, so I closed it again.

Security Check Log

Results of screen317's Security Check version 0.99.38
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
A
v
i
r
a
ECHO is off.
D
e
s
k
t
o
p
ECHO is off.
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Combofix Log

--> The same problem I mentioned above is occurring with Combofix giving the following warning:


ComboFix has detected the following real time scanner(s) to be active:

antivirus: Avira Desktop

Antivirus and intrusion prevention programs are known to interfere
with ComboFix's running. This may lead to unpredictable results or
possible machine damage.

Please disable these scanners before clicking 'OK'.


--> I've followed any/all guides on how to disable the software, so I'm not sure what to do.

Thanks again!

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 24 May 2012 - 09:04 PM

Go ahead and shut down what you can and run it anyway.


gringo

#5 GrandReaper (Topic Starter, Members, 26 posts)

Posted 25 May 2012 - 02:08 AM

I ran ComboFix as instructed. The following took place:

- ComboFix had some issue with a weird file called PEV.exe or something similar (didn't write the name right away).
- Around Stage 28 or so ComboFix mentioned a problem that could cause system damage and restarted.
- After the restart I ran ComboFix again and it completed successfully.
- I have not restarted since running ComboFix. CPU is still running over 90.

ComboFix log
ComboFix 12-05-25.01 - Administrator 25/05/2012 2:14.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2046.1664 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\SET125.tmp
c:\windows\system32\SET13F.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-21 23:51 . 2012-05-22 00:31 -------- d-----w- c:\documents and settings\Administrator
2012-05-17 00:47 . 2012-05-17 00:47 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\ATI
2012-05-17 00:47 . 2012-05-17 00:47 -------- d-----w- c:\documents and settings\User1\Application Data\ATI
2012-05-17 00:47 . 2012-05-17 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2012-05-17 00:43 . 2012-04-06 02:27 956160 ----a-w- c:\windows\system32\ativvamv.dll
2012-05-17 00:38 . 2012-05-17 00:38 -------- d-----w- C:\AMD
2012-05-15 16:28 . 2012-05-15 16:28 -------- d-----w- c:\documents and settings\User1\Application Data\Avira
2012-05-15 16:22 . 2012-04-27 14:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-15 16:22 . 2012-04-25 04:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-15 16:22 . 2012-04-17 01:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-15 16:22 . 2012-05-15 16:22 -------- d-----w- c:\program files\Avira
2012-05-15 16:22 . 2012-05-15 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-05-15 04:12 . 2012-05-17 01:19 -------- d-----w- c:\program files\Diablo III
2012-05-04 23:15 . 2012-05-04 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2012-05-04 22:44 . 2012-05-04 22:47 -------- d-----w- c:\program files\MumboJumbo
2012-05-04 22:44 . 2012-05-04 22:44 -------- d-----w- c:\documents and settings\User1\Application Data\Oberon Media
2012-05-04 22:44 . 2012-05-06 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\GamesBar
2012-05-04 22:44 . 2012-05-04 22:44 -------- d-----w- c:\program files\GamesBar
2012-05-04 22:44 . 2012-05-04 22:44 -------- d-----w- c:\program files\Common Files\Oberon Media
2012-05-04 22:44 . 2012-05-04 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media
2012-05-03 15:25 . 2012-05-03 15:25 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 15:25 . 2012-05-03 15:25 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 15:25 . 2012-05-03 15:25 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 05:03 . 2012-04-06 03:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 05:03 . 2012-04-06 03:40 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 02:31 . 2012-04-14 02:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-14 02:31 . 2010-10-14 21:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-11 13:12 . 2005-10-05 20:05 1862272 ------w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2005-03-01 20:59 2192640 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2005-03-01 20:34 2069120 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-06 05:16 . 2010-02-09 22:55 7746048 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2012-04-06 03:28 . 2010-02-10 15:00 19976192 ----a-w- c:\windows\system32\atioglxx.dll
2012-04-06 03:21 . 2010-10-14 20:22 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 03:20 . 2010-02-09 22:58 305664 ----a-w- c:\windows\system32\ati2dvag.dll
2012-04-06 02:59 . 2010-02-10 15:00 217088 ----a-w- c:\windows\system32\atipdlxx.dll
2012-04-06 02:59 . 2010-02-10 15:00 159744 ----a-w- c:\windows\system32\Oemdspif.dll
2012-04-06 02:59 . 2010-02-10 15:00 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2012-04-06 02:59 . 2010-02-10 15:00 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-04-06 02:59 . 2010-02-10 15:00 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2012-04-06 02:58 . 2010-02-10 15:00 647168 ----a-w- c:\windows\system32\ati2evxx.exe
2012-04-06 02:56 . 2010-02-10 15:00 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2012-04-06 02:56 . 2010-10-14 20:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:52 . 2010-02-10 15:00 847872 ----a-w- c:\windows\system32\atikvmag.dll
2012-04-06 02:48 . 2010-10-14 20:22 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 02:48 . 2010-02-10 15:00 17408 ----a-w- c:\windows\system32\atitvo32.dll
2012-04-06 02:47 . 2010-02-10 15:00 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 02:43 . 2010-02-09 22:58 888832 ----a-w- c:\windows\system32\ati2cqag.dll
2012-04-06 02:42 . 2010-10-14 20:22 638976 ----a-w- c:\windows\system32\atiok3x2.dll
2012-04-06 02:36 . 2010-02-09 22:58 5374560 ----a-w- c:\windows\system32\ati3duag.dll
2012-04-06 02:24 . 2010-02-10 15:00 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2012-04-06 02:11 . 2010-02-09 22:58 3900800 ----a-w- c:\windows\system32\ativvaxx.dll
2012-04-06 01:51 . 2010-10-14 20:22 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-04-06 01:51 . 2010-10-14 20:22 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2012-04-04 19:56 . 2011-05-29 02:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-10 13:08 . 2012-03-07 23:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-03-01 11:01 . 2006-06-23 07:02 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 08:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 08:00 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec
2012-05-03 15:25 . 2012-03-20 15:10 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 20:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\User1\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-11-6 0]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^User1^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\User1\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-01-03 20:31 1391272 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2011-11-12 17:04 268640 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 22:35 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchEngineProtection]
2010-05-31 13:22 568312 ----a-w- c:\program files\GamesBar\SearchEngineProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 18:58 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Blood Bowl Legendary Edition\\BB_LE.exe"=
"c:\\Program Files\\Blood Bowl Legendary Edition\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\jollyrover\\jolly_rover.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.913\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.954\\Agent.exe"=
"c:\\Program Files\\Diablo III\\Diablo III.exe"=
"c:\\Documents and Settings\\User1\\Local Settings\\Apps\\2.0\\YHN5H44Z.TY5\\RLD53DLJ.3BG\\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-10 436792]
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-17 36000]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-11-12 33792]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2007-08-29 116264]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 05:03]
.
2012-05-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 20:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-DOSBox 0.74 Installer - c:\program files\DOSBox\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-25 02:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-651377827-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,62,45,49,10,01,7b,4a,b3,8d,fe,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,62,45,49,10,01,7b,4a,b3,8d,fe,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-05-25 02:57:51
ComboFix-quarantined-files.txt 2012-05-25 06:57
.
Pre-Run: 869,140,873,216 bytes free
Post-Run: 870,067,789,824 bytes free
.
- - End Of File - - 3571B3570C3327FD9980A34ABB8060E3

Thanks!
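The ComboFix log above lists every autostart under "Reg Loading Points" in two line shapes: Run-key values (`"name"="path" [date size]`) and dated file lines beneath a registry key. As an added example that is not part of this thread or of ComboFix, the script below parses both shapes and produces a first-pass review list: entries launched from outside Program Files / Windows, or whose file date falls within 30 days of the scan. The sample lines copy the log's format; the `UpdChk` entry and the trusted-roots heuristic are constructed for illustration.

```python
"""Triage autostart entries from a ComboFix 'Reg Loading Points' section.

Added example for this thread, not part of ComboFix or of any post. The sample
log copies the two line formats ComboFix uses (Run-key values and dated file
lines under a key); the "UpdChk" entry is constructed to show a hit.
"""
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Run-key value:  "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)
# Key header:     [HKEY_LOCAL_MACHINE\...\msconfig\startupreg\Steam]
KEY_LINE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Dated file:     2011-08-02 18:58 1242448 ----a-w- c:\program files\Steam\Steam.exe
FILE_LINE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?P<size>\d+)\s+\S+\s+(?P<path>.+)$'
)
# Hypothetical heuristic: on XP, autostarts normally live under these roots.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Autostart:
    name: str   # value name, or last key component for dated file lines
    path: str
    date: str   # file date as ComboFix prints it (YYYY-MM-DD)
    size: int
    key: str    # registry key the entry was listed under


def parse_autostarts(log_text: str) -> List[Autostart]:
    """Collect every autostart entry together with the key it was found under."""
    entries: List[Autostart] = []
    current_key: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix pads sections with lone dots
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m["key"]
            continue
        if current_key is None:
            continue
        m = RUN_VALUE.match(line)
        if m:
            entries.append(Autostart(m["name"], m["path"], m["date"], int(m["size"]), current_key))
            continue
        m = FILE_LINE.match(line)
        if m:
            name = current_key.rsplit("\\", 1)[-1]
            entries.append(Autostart(name, m["path"], m["date"], int(m["size"]), current_key))
    return entries


def triage(entries: List[Autostart], scan_date: date, recent_days: int = 30) -> Dict[str, List[str]]:
    """Map entry name -> reasons it deserves a closer look.

    Both signals are weak alone: a freshly installed antivirus (Avira in this
    thread) trips the recency check, so this is a review list, not a verdict.
    """
    cutoff = scan_date - timedelta(days=recent_days)
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if not e.path.lower().startswith(TRUSTED_ROOTS):
            reasons.append("runs from outside Program Files / Windows")
        if date.fromisoformat(e.date) >= cutoff:
            reasons.append(f"file dated {e.date}, within {recent_days} days of the scan")
        if reasons:
            findings[e.name] = reasons
    return findings


SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 20:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 98304]
"UpdChk"="c:\documents and settings\User1\Application Data\updchk\updchk.exe" [2012-05-20 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 18:58 1242448 ----a-w- c:\program files\Steam\Steam.exe
"""


def triage_sample() -> Dict[str, List[str]]:
    """Run parser and heuristics over SAMPLE_LOG using the thread's scan date."""
    return triage(parse_autostarts(SAMPLE_LOG), date(2012, 5, 25))


if __name__ == "__main__":
    for name, reasons in triage_sample().items():
        print(f"{name}: {'; '.join(reasons)}")
```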

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 25 May 2012 - 02:11 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 GrandReaper (Topic Starter, Members, 26 posts)

Posted 25 May 2012 - 11:44 AM

Alrighty. TDSS:

11:09:04.0531 2004 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
11:09:04.0875 2004 ============================================================
11:09:04.0875 2004 Current date / time: 2012/05/25 11:09:04.0875
11:09:04.0875 2004 SystemInfo:
11:09:04.0875 2004
11:09:04.0875 2004 OS Version: 5.1.2600 ServicePack: 3.0
11:09:04.0875 2004 Product type: Workstation
11:09:04.0875 2004 ComputerName: HOME-326C25185E
11:09:04.0875 2004 UserName: Administrator
11:09:04.0875 2004 Windows directory: C:\WINDOWS
11:09:04.0875 2004 System windows directory: C:\WINDOWS
11:09:04.0875 2004 Processor architecture: Intel x86
11:09:04.0875 2004 Number of processors: 1
11:09:04.0875 2004 Page size: 0x1000
11:09:04.0875 2004 Boot type: Safe boot with network
11:09:04.0875 2004 ============================================================
11:09:10.0781 2004 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000058
11:09:10.0796 2004 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
11:09:10.0812 2004 ============================================================
11:09:10.0812 2004 \Device\Harddisk0\DR0:
11:09:10.0812 2004 MBR partitions:
11:09:10.0812 2004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A88DD1
11:09:10.0812 2004 \Device\Harddisk1\DR1:
11:09:10.0812 2004 MBR partitions:
11:09:10.0812 2004 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
11:09:10.0812 2004 ============================================================
11:09:10.0828 2004 C: <-> \Device\Harddisk1\DR1\Partition0
11:09:10.0843 2004 E: <-> \Device\Harddisk0\DR0\Partition0
11:09:10.0843 2004 ============================================================
11:09:10.0843 2004 Initialize success
11:09:10.0843 2004 ============================================================
11:09:21.0453 0360 ============================================================
11:09:21.0453 0360 Scan started
11:09:21.0453 0360 Mode: Manual;
11:09:21.0453 0360 ============================================================
11:09:26.0437 0360 Abiosdsk - ok
11:09:26.0687 0360 abp480n5 - ok
11:09:26.0937 0360 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:09:26.0953 0360 ACPI - ok
11:09:27.0296 0360 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:09:27.0296 0360 ACPIEC - ok
11:09:27.0734 0360 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:09:27.0750 0360 AdobeFlashPlayerUpdateSvc - ok
11:09:28.0031 0360 adpu160m - ok
11:09:28.0437 0360 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:09:28.0453 0360 aec - ok
11:09:28.0640 0360 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:09:28.0640 0360 AFD - ok
11:09:28.0781 0360 Aha154x - ok
11:09:29.0046 0360 aic78u2 - ok
11:09:29.0187 0360 aic78xx - ok
11:09:30.0312 0360 ALCXWDM (73cb40bca45710ae373e9d27d9970b98) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
11:09:30.0718 0360 ALCXWDM - ok
11:09:31.0078 0360 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:09:31.0078 0360 Alerter - ok
11:09:31.0390 0360 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:09:31.0390 0360 ALG - ok
11:09:31.0593 0360 AliIde - ok
11:09:31.0750 0360 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
11:09:31.0750 0360 AmdPPM - ok
11:09:31.0890 0360 amsint - ok
11:09:32.0187 0360 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
11:09:32.0203 0360 AntiVirSchedulerService - ok
11:09:32.0484 0360 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
11:09:32.0500 0360 AntiVirService - ok
11:09:32.0906 0360 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
11:09:32.0921 0360 AppMgmt - ok
11:09:33.0187 0360 asc - ok
11:09:33.0453 0360 asc3350p - ok
11:09:33.0718 0360 asc3550 - ok
11:09:34.0296 0360 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:09:34.0296 0360 aspnet_state - ok
11:09:34.0546 0360 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:09:34.0562 0360 AsyncMac - ok
11:09:34.0953 0360 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:09:34.0968 0360 atapi - ok
11:09:35.0109 0360 Atdisk - ok
11:09:35.0593 0360 Ati HotKey Poller (7eeb8386f9ac3721edad9b21e5c2f2d4) C:\WINDOWS\system32\Ati2evxx.exe
11:09:35.0765 0360 Ati HotKey Poller - ok
11:09:38.0000 0360 ati2mtag (28f1b6ccd2e0a184da7d9f266bfeb267) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:09:38.0656 0360 ati2mtag - ok
11:09:39.0562 0360 atksgt (72bc628af75c4c3250f2a3bac260265a) C:\WINDOWS\system32\DRIVERS\atksgt.sys
11:09:39.0578 0360 atksgt - ok
11:09:39.0875 0360 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:09:39.0875 0360 Atmarpc - ok
11:09:40.0203 0360 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:09:40.0203 0360 AudioSrv - ok
11:09:40.0453 0360 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:09:40.0453 0360 audstub - ok
11:09:40.0734 0360 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:09:40.0734 0360 avgntflt - ok
11:09:40.0906 0360 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:09:40.0921 0360 avipbb - ok
11:09:41.0187 0360 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:09:41.0203 0360 avkmgr - ok
11:09:41.0500 0360 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
11:09:41.0515 0360 b57w2k - ok
11:09:41.0781 0360 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:09:41.0781 0360 Beep - ok
11:09:42.0250 0360 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
11:09:42.0296 0360 BITS - ok
11:09:42.0468 0360 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:09:42.0468 0360 Browser - ok
11:09:42.0718 0360 catchme - ok
11:09:42.0875 0360 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:09:42.0875 0360 cbidf2k - ok
11:09:43.0015 0360 cd20xrnt - ok
11:09:43.0296 0360 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:09:43.0296 0360 Cdaudio - ok
11:09:43.0453 0360 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:09:43.0453 0360 Cdfs - ok
11:09:43.0625 0360 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:09:43.0625 0360 Cdrom - ok
11:09:43.0890 0360 Changer - ok
11:09:44.0046 0360 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:09:44.0046 0360 CiSvc - ok
11:09:44.0203 0360 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:09:44.0203 0360 ClipSrv - ok
11:09:44.0484 0360 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:09:44.0500 0360 clr_optimization_v2.0.50727_32 - ok
11:09:44.0859 0360 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:09:44.0875 0360 clr_optimization_v4.0.30319_32 - ok
11:09:45.0062 0360 CmdIde - ok
11:09:45.0218 0360 COMSysApp - ok
11:09:45.0609 0360 Cpqarray - ok
11:09:45.0765 0360 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:09:45.0765 0360 CryptSvc - ok
11:09:45.0906 0360 dac2w2k - ok
11:09:46.0171 0360 dac960nt - ok
11:09:46.0625 0360 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:09:46.0671 0360 DcomLaunch - ok
11:09:47.0015 0360 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:09:47.0031 0360 Dhcp - ok
11:09:47.0125 0360 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:09:47.0125 0360 Disk - ok
11:09:47.0406 0360 dmadmin - ok
11:09:47.0906 0360 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:09:48.0093 0360 dmboot - ok
11:09:48.0265 0360 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:09:48.0281 0360 dmio - ok
11:09:48.0531 0360 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:09:48.0546 0360 dmload - ok
11:09:48.0703 0360 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:09:48.0703 0360 dmserver - ok
11:09:48.0984 0360 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:09:48.0984 0360 DMusic - ok
11:09:49.0265 0360 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:09:49.0265 0360 Dnscache - ok
11:09:49.0687 0360 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:09:49.0687 0360 Dot3svc - ok
11:09:49.0828 0360 dpti2o - ok
11:09:50.0125 0360 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:09:50.0125 0360 drmkaud - ok
11:09:50.0421 0360 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:09:50.0421 0360 EapHost - ok
11:09:50.0671 0360 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:09:50.0687 0360 ERSvc - ok
11:09:51.0062 0360 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:09:51.0078 0360 Eventlog - ok
11:09:51.0406 0360 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:09:51.0421 0360 EventSystem - ok
11:09:51.0609 0360 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:09:51.0609 0360 Fastfat - ok
11:09:51.0968 0360 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:09:52.0000 0360 FastUserSwitchingCompatibility - ok
11:09:52.0203 0360 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:09:52.0218 0360 Fdc - ok
11:09:52.0484 0360 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:09:52.0484 0360 Fips - ok
11:09:52.0765 0360 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:09:52.0765 0360 Flpydisk - ok
11:09:53.0140 0360 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:09:53.0156 0360 FltMgr - ok
11:09:53.0343 0360 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:09:53.0359 0360 FontCache3.0.0.0 - ok
11:09:53.0609 0360 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:09:53.0609 0360 Fs_Rec - ok
11:09:53.0875 0360 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:09:53.0890 0360 Ftdisk - ok
11:09:54.0078 0360 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:09:54.0078 0360 Gpc - ok
11:09:54.0468 0360 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:09:54.0484 0360 gusvc - ok
11:09:54.0656 0360 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:09:54.0671 0360 HDAudBus - ok
11:09:54.0937 0360 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:09:54.0937 0360 helpsvc - ok
11:09:55.0078 0360 HidServ - ok
11:09:55.0375 0360 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:09:55.0375 0360 hkmsvc - ok
11:09:55.0640 0360 hpn - ok
11:09:56.0015 0360 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:09:56.0031 0360 HTTP - ok
11:09:56.0250 0360 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:09:56.0265 0360 HTTPFilter - ok
11:09:56.0531 0360 i2omgmt - ok
11:09:56.0796 0360 i2omp - ok
11:09:56.0953 0360 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:09:56.0953 0360 i8042prt - ok
11:09:57.0484 0360 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:09:57.0671 0360 idsvc - ok
11:09:57.0828 0360 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:09:57.0843 0360 Imapi - ok
11:09:58.0125 0360 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:09:58.0140 0360 ImapiService - ok
11:09:58.0421 0360 ini910u - ok
11:09:58.0687 0360 IntelIde - ok
11:09:58.0843 0360 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:09:58.0859 0360 Ip6Fw - ok
11:09:59.0125 0360 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:09:59.0140 0360 IpFilterDriver - ok
11:09:59.0421 0360 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:09:59.0421 0360 IpInIp - ok
11:09:59.0734 0360 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:09:59.0750 0360 IpNat - ok
11:09:59.0984 0360 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:10:00.0000 0360 IPSec - ok
11:10:00.0265 0360 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:10:00.0265 0360 IRENUM - ok
11:10:00.0546 0360 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:10:00.0562 0360 isapnp - ok
11:10:00.0875 0360 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
11:10:00.0890 0360 JavaQuickStarterService - ok
11:10:01.0140 0360 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:10:01.0140 0360 Kbdclass - ok
11:10:01.0390 0360 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:10:01.0406 0360 kmixer - ok
11:10:01.0625 0360 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:10:01.0640 0360 KSecDD - ok
11:10:01.0937 0360 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
11:10:01.0953 0360 lanmanserver - ok
11:10:02.0359 0360 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
11:10:02.0390 0360 lanmanworkstation - ok
11:10:02.0640 0360 lbrtfdc - ok
11:10:04.0343 0360 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
11:10:05.0031 0360 LeapFrog Connect Device Service - ok
11:10:05.0500 0360 Leapfrog-USBLAN (5cffda921fe0c9e9ebde3150d3c81594) C:\WINDOWS\system32\DRIVERS\btblan.sys
11:10:05.0515 0360 Leapfrog-USBLAN - ok
11:10:05.0796 0360 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
11:10:05.0796 0360 lirsgt - ok
11:10:05.0968 0360 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:10:05.0968 0360 LmHosts - ok
11:10:06.0250 0360 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
11:10:06.0265 0360 mcdbus - ok
11:10:06.0421 0360 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:10:06.0421 0360 Messenger - ok
11:10:06.0718 0360 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
11:10:06.0734 0360 Microsoft Office Groove Audit Service - ok
11:10:06.0984 0360 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:10:06.0984 0360 mnmdd - ok
11:10:07.0140 0360 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
11:10:07.0156 0360 mnmsrvc - ok
11:10:07.0312 0360 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:10:07.0312 0360 Modem - ok
11:10:07.0593 0360 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:10:07.0593 0360 Mouclass - ok
11:10:07.0875 0360 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:10:07.0875 0360 MountMgr - ok
11:10:08.0234 0360 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:10:08.0250 0360 MozillaMaintenance - ok
11:10:08.0437 0360 mraid35x - ok
11:10:08.0609 0360 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:10:08.0625 0360 MRxDAV - ok
11:10:09.0203 0360 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:10:09.0250 0360 MRxSmb - ok
11:10:09.0515 0360 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
11:10:09.0531 0360 MSDTC - ok
11:10:09.0921 0360 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:10:09.0937 0360 Msfs - ok
11:10:10.0078 0360 MSIServer - ok
11:10:10.0359 0360 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:10:10.0359 0360 MSKSSRV - ok
11:10:10.0640 0360 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:10:10.0640 0360 MSPCLOCK - ok
11:10:10.0781 0360 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:10:10.0781 0360 MSPQM - ok
11:10:11.0062 0360 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:10:11.0062 0360 mssmbios - ok
11:10:11.0359 0360 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:10:11.0359 0360 Mup - ok
11:10:11.0734 0360 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:10:11.0765 0360 napagent - ok
11:10:12.0093 0360 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:10:12.0109 0360 NDIS - ok
11:10:12.0296 0360 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:10:12.0296 0360 NdisTapi - ok
11:10:12.0515 0360 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:10:12.0515 0360 Ndisuio - ok
11:10:12.0625 0360 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:10:12.0625 0360 NdisWan - ok
11:10:12.0890 0360 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:10:12.0890 0360 NDProxy - ok
11:10:13.0171 0360 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:10:13.0171 0360 NetBIOS - ok
11:10:13.0515 0360 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:10:13.0531 0360 NetBT - ok
11:10:13.0781 0360 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:10:13.0796 0360 NetDDE - ok
11:10:14.0046 0360 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:10:14.0078 0360 NetDDEdsdm - ok
11:10:14.0234 0360 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:10:14.0234 0360 Netlogon - ok
11:10:14.0500 0360 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:10:14.0531 0360 Netman - ok
11:10:14.0812 0360 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:10:14.0828 0360 NetTcpPortSharing - ok
11:10:15.0156 0360 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:10:15.0187 0360 Nla - ok
11:10:15.0453 0360 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:10:15.0468 0360 Npfs - ok
11:10:15.0828 0360 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:10:15.0859 0360 Ntfs - ok
11:10:16.0140 0360 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:10:16.0140 0360 NtLmSsp - ok
11:10:16.0484 0360 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:10:16.0531 0360 NtmsSvc - ok
11:10:16.0828 0360 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:10:16.0828 0360 Null - ok
11:10:17.0093 0360 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:10:17.0093 0360 NwlnkFlt - ok
11:10:17.0359 0360 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:10:17.0375 0360 NwlnkFwd - ok
11:10:17.0828 0360 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:10:17.0875 0360 odserv - ok
11:10:18.0281 0360 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:10:18.0296 0360 ose - ok
11:10:18.0671 0360 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:10:18.0671 0360 Parport - ok
11:10:18.0890 0360 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:10:18.0890 0360 PartMgr - ok
11:10:19.0156 0360 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:10:19.0156 0360 ParVdm - ok
11:10:19.0437 0360 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:10:19.0437 0360 PCI - ok
11:10:19.0703 0360 PCIDump - ok
11:10:19.0859 0360 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:10:19.0859 0360 PCIIde - ok
11:10:20.0250 0360 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:10:20.0265 0360 Pcmcia - ok
11:10:20.0421 0360 PDCOMP - ok
11:10:20.0562 0360 PDFRAME - ok
11:10:20.0718 0360 PDRELI - ok
11:10:20.0984 0360 PDRFRAME - ok
11:10:21.0125 0360 perc2 - ok
11:10:21.0265 0360 perc2hib - ok
11:10:21.0953 0360 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:10:21.0968 0360 PlugPlay - ok
11:10:22.0109 0360 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:10:22.0125 0360 PolicyAgent - ok
11:10:22.0406 0360 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:10:22.0406 0360 PptpMiniport - ok
11:10:22.0687 0360 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:10:22.0687 0360 Processor - ok
11:10:22.0953 0360 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:10:22.0968 0360 ProtectedStorage - ok
11:10:23.0125 0360 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:10:23.0140 0360 PSched - ok
11:10:23.0406 0360 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:10:23.0406 0360 Ptilink - ok
11:10:23.0546 0360 ql1080 - ok
11:10:23.0828 0360 Ql10wnt - ok
11:10:23.0968 0360 ql12160 - ok
11:10:24.0109 0360 ql1240 - ok
11:10:24.0375 0360 ql1280 - ok
11:10:24.0515 0360 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:10:24.0531 0360 RasAcd - ok
11:10:24.0812 0360 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:10:24.0843 0360 RasAuto - ok
11:10:25.0125 0360 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:10:25.0125 0360 Rasl2tp - ok
11:10:25.0546 0360 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:10:25.0562 0360 RasMan - ok
11:10:25.0718 0360 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:10:25.0718 0360 RasPppoe - ok
11:10:26.0000 0360 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:10:26.0015 0360 Raspti - ok
11:10:26.0421 0360 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:10:26.0437 0360 Rdbss - ok
11:10:26.0703 0360 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:10:26.0718 0360 RDPCDD - ok
11:10:27.0031 0360 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:10:27.0046 0360 rdpdr - ok
11:10:27.0343 0360 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:10:27.0359 0360 RDPWD - ok
11:10:27.0734 0360 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:10:27.0796 0360 RDSessMgr - ok
11:10:28.0093 0360 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:10:28.0093 0360 redbook - ok
11:10:28.0359 0360 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:10:28.0375 0360 RemoteAccess - ok
11:10:28.0656 0360 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
11:10:28.0671 0360 RemoteRegistry - ok
11:10:28.0968 0360 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:10:28.0984 0360 RpcLocator - ok
11:10:29.0406 0360 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
11:10:29.0453 0360 RpcSs - ok
11:10:29.0796 0360 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:10:29.0828 0360 RSVP - ok
11:10:29.0906 0360 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:10:29.0921 0360 SamSs - ok
11:10:30.0218 0360 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:10:30.0234 0360 SCardSvr - ok
11:10:30.0578 0360 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:10:30.0609 0360 Schedule - ok
11:10:30.0843 0360 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:10:30.0843 0360 Secdrv - ok
11:10:31.0109 0360 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:10:31.0125 0360 seclogon - ok
11:10:31.0265 0360 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:10:31.0281 0360 SENS - ok
11:10:31.0437 0360 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:10:31.0453 0360 serenum - ok
11:10:31.0718 0360 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:10:31.0734 0360 Serial - ok
11:10:32.0531 0360 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:10:32.0531 0360 Sfloppy - ok
11:10:32.0859 0360 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:10:32.0890 0360 SharedAccess - ok
11:10:33.0296 0360 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:10:33.0312 0360 ShellHWDetection - ok
11:10:33.0515 0360 SI3112r (3da2f680bfc8e92a535cea5a5d80ac37) C:\WINDOWS\system32\DRIVERS\SI3112r.sys
11:10:33.0531 0360 SI3112r - ok
11:10:33.0640 0360 SiFilter (d893aa1d1ee007b7ab1b16e1099e9f17) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
11:10:33.0656 0360 SiFilter - ok
11:10:33.0921 0360 Simbad - ok
11:10:34.0203 0360 Sparrow - ok
11:10:34.0484 0360 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:10:34.0484 0360 splitter - ok
11:10:34.0750 0360 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:10:34.0765 0360 Spooler - ok
11:10:35.0234 0360 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
11:10:35.0265 0360 sptd - ok
11:10:35.0625 0360 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:10:35.0625 0360 sr - ok
11:10:35.0812 0360 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:10:35.0843 0360 srservice - ok
11:10:36.0203 0360 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:10:36.0234 0360 Srv - ok
11:10:36.0515 0360 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:10:36.0546 0360 SSDPSRV - ok
11:10:36.0812 0360 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:10:36.0812 0360 ssmdrv - ok
11:10:37.0093 0360 Steam Client Service - ok
11:10:37.0546 0360 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:10:37.0593 0360 stisvc - ok
11:10:37.0843 0360 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:10:37.0859 0360 swenum - ok
11:10:38.0015 0360 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:10:38.0031 0360 swmidi - ok
11:10:38.0156 0360 SwPrv - ok
11:10:38.0437 0360 symc810 - ok
11:10:38.0703 0360 symc8xx - ok
11:10:38.0843 0360 sym_hi - ok
11:10:38.0984 0360 sym_u3 - ok
11:10:39.0281 0360 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:10:39.0281 0360 sysaudio - ok
11:10:39.0625 0360 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:10:39.0640 0360 SysmonLog - ok
11:10:40.0000 0360 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:10:40.0046 0360 TapiSrv - ok
11:10:40.0609 0360 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:10:40.0640 0360 Tcpip - ok
11:10:40.0796 0360 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:10:40.0812 0360 TDPIPE - ok
11:10:41.0078 0360 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:10:41.0078 0360 TDTCP - ok
11:10:41.0359 0360 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:10:41.0359 0360 TermDD - ok
11:10:41.0812 0360 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:10:41.0843 0360 TermService - ok
11:10:42.0125 0360 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:10:42.0156 0360 Themes - ok
11:10:42.0328 0360 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
11:10:42.0343 0360 TlntSvr - ok
11:10:42.0609 0360 TosIde - ok
11:10:42.0828 0360 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:10:42.0843 0360 TrkWks - ok
11:10:43.0140 0360 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:10:43.0140 0360 Udfs - ok
11:10:43.0484 0360 ultra - ok
11:10:43.0937 0360 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:10:43.0968 0360 Update - ok
11:10:44.0343 0360 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:10:44.0375 0360 upnphost - ok
11:10:44.0578 0360 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:10:44.0593 0360 UPS - ok
11:10:44.0750 0360 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:10:44.0750 0360 usbehci - ok
11:10:45.0031 0360 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:10:45.0046 0360 usbhub - ok
11:10:45.0296 0360 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:10:45.0312 0360 usbohci - ok
11:10:45.0468 0360 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:10:45.0468 0360 usbscan - ok
11:10:45.0625 0360 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:10:45.0640 0360 USBSTOR - ok
11:10:45.0906 0360 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) C:\WINDOWS\system32\drivers\VCdRom.sys
11:10:45.0906 0360 vcdrom - ok
11:10:46.0187 0360 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:10:46.0187 0360 VgaSave - ok
11:10:46.0453 0360 ViaIde - ok
11:10:46.0609 0360 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:10:46.0609 0360 VolSnap - ok
11:10:46.0921 0360 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:10:46.0953 0360 VSS - ok
11:10:47.0265 0360 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:10:47.0296 0360 W32Time - ok
11:10:47.0593 0360 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:10:47.0593 0360 Wanarp - ok
11:10:47.0718 0360 WDICA - ok
11:10:48.0031 0360 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:10:48.0031 0360 wdmaud - ok
11:10:48.0312 0360 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:10:48.0328 0360 WebClient - ok
11:10:48.0859 0360 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:10:48.0875 0360 winmgmt - ok
11:10:49.0453 0360 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
11:10:49.0671 0360 WinRM - ok
11:10:50.0234 0360 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:10:50.0234 0360 WmdmPmSN - ok
11:10:50.0734 0360 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
11:10:50.0906 0360 Wmi - ok
11:10:51.0406 0360 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:10:51.0421 0360 WmiApSrv - ok
11:10:51.0984 0360 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:10:52.0171 0360 WMPNetworkSvc - ok
11:10:52.0734 0360 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:10:52.0890 0360 WPFFontCache_v0400 - ok
11:10:53.0250 0360 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:10:53.0265 0360 WS2IFSL - ok
11:10:53.0593 0360 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:10:53.0609 0360 wscsvc - ok
11:10:53.0843 0360 WSearch - ok
11:10:54.0125 0360 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:10:54.0140 0360 wuauserv - ok
11:10:54.0421 0360 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:10:54.0421 0360 WudfPf - ok
11:10:54.0718 0360 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:10:54.0718 0360 WudfRd - ok
11:10:55.0000 0360 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:10:55.0015 0360 WudfSvc - ok
11:10:55.0500 0360 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:10:55.0546 0360 WZCSVC - ok
11:10:55.0937 0360 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:10:55.0968 0360 xmlprov - ok
11:10:56.0250 0360 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:11:00.0156 0360 \Device\Harddisk0\DR0 - ok
11:11:00.0437 0360 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:11:04.0375 0360 \Device\Harddisk1\DR1 - ok
11:11:04.0625 0360 Boot (0x1200) (880cbcf2bd1c9a70acd06d76a14c006d) \Device\Harddisk0\DR0\Partition0
11:11:04.0640 0360 \Device\Harddisk0\DR0\Partition0 - ok
11:11:04.0781 0360 Boot (0x1200) (b0771644acb1482098a84ad04cceaccc) \Device\Harddisk1\DR1\Partition0
11:11:04.0781 0360 \Device\Harddisk1\DR1\Partition0 - ok
11:11:04.0906 0360 ============================================================
11:11:04.0906 0360 Scan finished
11:11:04.0906 0360 ============================================================
11:11:05.0328 1456 Detected object count: 0
11:11:05.0328 1456 Actual detected object count: 0

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-25 11:17:15
-----------------------------
11:17:15.718 OS Version: Windows 5.1.2600 Service Pack 3
11:17:15.718 Number of processors: 1 586 0x2F02
11:17:15.718 ComputerName: HOME-326C25185E UserName: Administrator
11:17:19.578 Initialize success
11:35:15.593 AVAST engine defs: 12052500
11:45:34.796 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\SI3112r1Port2Path0Target0Lun0
11:45:34.937 Disk 0 Vendor: SAMSUNG_ ZG10 Size: 38166MB BusType: 1
11:45:35.078 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\SI3112r1Port2Path1Target0Lun0
11:45:35.218 Disk 1 Vendor: ST310005 CC38 Size: 953869MB BusType: 1
11:45:35.375 Disk 1 MBR read successfully
11:45:35.515 Disk 1 MBR scan
11:45:35.671 Disk 1 Windows XP default MBR code
11:45:35.828 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 63
11:45:36.015 Disk 1 scanning sectors +1953520065
11:45:36.265 Disk 1 scanning C:\WINDOWS\system32\drivers
11:46:27.937 Service scanning
11:47:35.062 Modules scanning
11:48:09.781 Disk 1 trace - called modules:
11:48:11.218 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll SI3112r.sys
11:48:12.593 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x89bdbab8]
11:48:13.968 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Scsi\SI3112r1Port2Path1Target0Lun0[0x89b81998]
11:48:19.093 AVAST engine scan C:\WINDOWS
11:49:08.468 AVAST engine scan C:\WINDOWS\system32
12:09:11.421 AVAST engine scan C:\WINDOWS\system32\drivers
12:13:21.359 AVAST engine scan C:\Documents and Settings\Administrator
12:18:40.250 AVAST engine scan C:\Documents and Settings\All Users
12:22:58.890 Scan finished successfully
12:40:23.515 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\CPU problem Logs\MBR.dat"
12:40:23.703 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\CPU problem Logs\aswMBR-Log.txt"
12:41:33.156 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\CPU problem Logs\MBR.dat"
12:41:33.359 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\CPU problem Logs\aswMBR-Log.txt"


Thanks!

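As an added example (not code from this thread, and not a tool from the TDSSKiller or aswMBR authors), here is a small Python triage script for the TDSSKiller-format log posted above. It parses the `<time> <pid> <name> (<md5>) <path>` and `<name> - <verdict>` lines, lists registrations that got a verdict but have no binary on disk, surfaces any verdict other than `ok`, and checks that both disks report the same MBR hash, as they do in this log. The log excerpt embedded in it is constructed from a handful of the lines above, and the function names are my own.

```python
"""Triage helper for TDSSKiller-style scan logs (added example; not a tool from this thread)."""
import re
from typing import List, Optional

# Constructed excerpt in the format of the TDSSKiller log posted above (a handful of the
# real lines, not the full log). Backslashes are doubled because this is a Python string.
SAMPLE_LOG = """\
11:09:53.0140 0360 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\\WINDOWS\\system32\\drivers\\fltmgr.sys
11:09:53.0156 0360 FltMgr - ok
11:09:55.0078 0360 HidServ - ok
11:10:04.0343 0360 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\\Program Files\\LeapFrog\\LeapFrog Connect\\CommandService.exe
11:10:05.0031 0360 LeapFrog Connect Device Service - ok
11:10:56.0250 0360 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \\Device\\Harddisk0\\DR0
11:11:00.0156 0360 \\Device\\Harddisk0\\DR0 - ok
11:11:00.0437 0360 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \\Device\\Harddisk1\\DR1
11:11:04.0375 0360 \\Device\\Harddisk1\\DR1 - ok
11:11:05.0328 1456 Detected object count: 0
11:11:05.0328 1456 Actual detected object count: 0
"""

# "<time> <pid> <name> (<md5>) <path>". The name may contain spaces, and the MBR/Boot
# entries carry a size in parentheses such as "(0x1B8)", so the hash is pinned to
# exactly 32 hex digits to keep the lazy name group from stopping early.
FILE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.+?)\s+\(([0-9a-f]{32})\)\s+(.+)$")
# "<time> <pid> <name> - <verdict>"; for MBR/Boot entries the name is the device path.
STATUS_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.+?) - (\S+)$")
COUNT_RE = re.compile(r"^\S+\s+\d+\s+Actual detected object count:\s+(\d+)$")


def parse_tdsskiller(text: str) -> List[dict]:
    """Turn log lines into records; lines that match none of the patterns are ignored."""
    records: List[dict] = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            records.append({"kind": "file", "time": m[1], "name": m[3], "md5": m[4], "path": m[5]})
            continue
        m = STATUS_RE.match(line)
        if m:
            records.append({"kind": "status", "time": m[1], "name": m[3], "verdict": m[4]})
            continue
        m = COUNT_RE.match(line)
        if m:
            records.append({"kind": "count", "detected": int(m[1])})
    return records


def summarize(records: List[dict]) -> dict:
    """Reduce the records to the handful of facts a helper checks first."""
    files = {r["name"]: r for r in records
             if r["kind"] == "file" and not r["name"].startswith(("MBR", "Boot"))}
    # MBR records are keyed by device path, which is also the name on their verdict line.
    mbr = {r["path"]: r["md5"] for r in records
           if r["kind"] == "file" and r["name"].startswith("MBR")}
    verdicts = {r["name"]: r["verdict"] for r in records if r["kind"] == "status"}
    # A verdict with no preceding "(md5) path" line means the scanner found a service or
    # driver registration but no binary on disk (HidServ in the sample). Usually a leftover
    # registration rather than malware, but it is the first list to read when the
    # detected count is zero and the machine still misbehaves.
    no_file = sorted(n for n in verdicts if n not in files and n not in mbr)
    not_ok = sorted(n for n, v in verdicts.items() if v != "ok")
    detected: Optional[int] = next((r["detected"] for r in records if r["kind"] == "count"), None)
    return {
        "file_count": len(files),
        "no_file": no_file,
        "not_ok": not_ok,
        "mbr": mbr,
        # Both disks in this log report the same MBR hash; a lone differing disk is
        # worth comparing against the MBR.dat that aswMBR saved in the same session.
        "mbr_consistent": len(set(mbr.values())) <= 1,
        "detected": detected,
    }


def is_clean(summary: dict) -> bool:
    """True when the scanner reported nothing and every entry it checked came back ok."""
    return summary["detected"] == 0 and not summary["not_ok"]


if __name__ == "__main__":
    s = summarize(parse_tdsskiller(SAMPLE_LOG))
    print(f"hashed binaries: {s['file_count']}, registrations without a file: {s['no_file']}")
    print(f"non-ok verdicts: {s['not_ok']}, MBR hashes consistent: {s['mbr_consistent']}")
    print("clean" if is_clean(s) else "needs attention")
```

Run it against a saved TDSSKiller log by reading the file into `parse_tdsskiller` instead of `SAMPLE_LOG`; the verdict strings other than `ok` are whatever the scanner prints, so the script treats anything else as worth attention rather than guessing at the exact wording.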
#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 May 2012 - 12:28 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Ask.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 GrandReaper

GrandReaper
  • Topic Starter

  • Members
  • 26 posts

Posted 25 May 2012 - 04:04 PM

Ran ComboFix again (still have the Avira warning). Got called away from the computer; upon returning, the window that tells what Safe Mode is was up, indicating that the computer might have restarted, but it was still in Safe Mode and the ComboFix log was on the screen, indicating that it didn't restart. Sorry. CPU is still in the 85-100 range at all times.

ComboFix log

ComboFix 12-05-25.03 - Administrator 25/05/2012 15:12:59.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2046.1676 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-21 23:51 . 2012-05-22 00:31 -------- d-----w- c:\documents and settings\Administrator
2012-05-17 00:47 . 2012-05-17 00:47 -------- d-----w- c:\documents and settings\User1\Local Settings\Application Data\ATI
2012-05-17 00:47 . 2012-05-17 00:47 -------- d-----w- c:\documents and settings\User1\Application Data\ATI
2012-05-17 00:47 . 2012-05-17 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2012-05-17 00:43 . 2012-04-06 02:27 956160 ----a-w- c:\windows\system32\ativvamv.dll
2012-05-17 00:38 . 2012-05-17 00:38 -------- d-----w- C:\AMD
2012-05-15 16:28 . 2012-05-15 16:28 -------- d-----w- c:\documents and settings\User1\Application Data\Avira
2012-05-15 16:22 . 2012-04-27 14:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-15 16:22 . 2012-04-25 04:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-15 16:22 . 2012-04-17 01:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-15 16:22 . 2012-05-15 16:22 -------- d-----w- c:\program files\Avira
2012-05-15 16:22 . 2012-05-15 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-05-15 04:12 . 2012-05-17 01:19 -------- d-----w- c:\program files\Diablo III
2012-05-04 23:15 . 2012-05-04 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2012-05-04 22:44 . 2012-05-04 22:47 -------- d-----w- c:\program files\MumboJumbo
2012-05-04 22:44 . 2012-05-04 22:44 -------- d-----w- c:\documents and settings\User1\Application Data\Oberon Media
2012-05-04 22:44 . 2012-05-06 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\GamesBar
2012-05-04 22:44 . 2012-05-04 22:44 -------- d-----w- c:\program files\GamesBar
2012-05-04 22:44 . 2012-05-04 22:44 -------- d-----w- c:\program files\Common Files\Oberon Media
2012-05-04 22:44 . 2012-05-04 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media
2012-05-03 15:25 . 2012-05-03 15:25 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-03 15:25 . 2012-05-03 15:25 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-03 15:25 . 2012-05-03 15:25 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 05:03 . 2012-04-06 03:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 05:03 . 2012-04-06 03:40 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 02:31 . 2012-04-14 02:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-14 02:31 . 2010-10-14 21:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-11 13:12 . 2005-10-05 20:05 1862272 ------w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2005-03-01 20:59 2192640 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2005-03-01 20:34 2069120 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-06 05:16 . 2010-02-09 22:55 7746048 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2012-04-06 03:28 . 2010-02-10 15:00 19976192 ----a-w- c:\windows\system32\atioglxx.dll
2012-04-06 03:21 . 2010-10-14 20:22 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 03:20 . 2010-02-09 22:58 305664 ----a-w- c:\windows\system32\ati2dvag.dll
2012-04-06 02:59 . 2010-02-10 15:00 217088 ----a-w- c:\windows\system32\atipdlxx.dll
2012-04-06 02:59 . 2010-02-10 15:00 159744 ----a-w- c:\windows\system32\Oemdspif.dll
2012-04-06 02:59 . 2010-02-10 15:00 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2012-04-06 02:59 . 2010-02-10 15:00 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-04-06 02:59 . 2010-02-10 15:00 192512 ----a-w- c:\windows\system32\ati2evxx.dll
2012-04-06 02:58 . 2010-02-10 15:00 647168 ----a-w- c:\windows\system32\ati2evxx.exe
2012-04-06 02:56 . 2010-02-10 15:00 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2012-04-06 02:56 . 2010-10-14 20:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:52 . 2010-02-10 15:00 847872 ----a-w- c:\windows\system32\atikvmag.dll
2012-04-06 02:48 . 2010-10-14 20:22 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 02:48 . 2010-02-10 15:00 17408 ----a-w- c:\windows\system32\atitvo32.dll
2012-04-06 02:47 . 2010-02-10 15:00 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 02:43 . 2010-02-09 22:58 888832 ----a-w- c:\windows\system32\ati2cqag.dll
2012-04-06 02:42 . 2010-10-14 20:22 638976 ----a-w- c:\windows\system32\atiok3x2.dll
2012-04-06 02:36 . 2010-02-09 22:58 5374560 ----a-w- c:\windows\system32\ati3duag.dll
2012-04-06 02:24 . 2010-02-10 15:00 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2012-04-06 02:11 . 2010-02-09 22:58 3900800 ----a-w- c:\windows\system32\ativvaxx.dll
2012-04-06 01:51 . 2010-10-14 20:22 65024 ----a-w- c:\windows\system32\atimpc32.dll
2012-04-06 01:51 . 2010-10-14 20:22 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2012-04-04 19:56 . 2011-05-29 02:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-10 13:08 . 2012-03-07 23:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2012-03-01 11:01 . 2006-06-23 07:02 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 08:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 08:00 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec
2012-05-03 15:25 . 2012-03-20 15:10 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 20:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\User1\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-11-6 0]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^User1^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\User1\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-01-03 20:31 1391272 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2011-11-12 17:04 268640 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 22:35 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchEngineProtection]
2010-05-31 13:22 568312 ----a-w- c:\program files\GamesBar\SearchEngineProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 18:58 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Blood Bowl Legendary Edition\\BB_LE.exe"=
"c:\\Program Files\\Blood Bowl Legendary Edition\\Autorun\\Exe\\Autorun.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\jollyrover\\jolly_rover.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.913\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.954\\Agent.exe"=
"c:\\Program Files\\Diablo III\\Diablo III.exe"=
"c:\\Documents and Settings\\User1\\Local Settings\\Apps\\2.0\\YHN5H44Z.TY5\\RLD53DLJ.3BG\\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\\CurseClient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
.
R0 SI3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [29/08/2007 4:04 AM 116264]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/05/2011 7:29 PM 436792]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [15/05/2012 12:22 PM 36000]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [19/12/2001 12:45 PM 8576]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/05/2012 12:22 PM 86224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/04/2012 11:40 PM 257696]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [13/02/2012 3:24 PM 33792]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [03/05/2012 11:25 AM 129976]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/2004 4:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 90723457
*NewlyCreated* - ASWMBR
*Deregistered* - 90723457
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 05:03]
.
2012-05-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 20:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\notlttgx.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-25 15:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-651377827-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,62,45,49,10,01,7b,4a,b3,8d,fe,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,62,45,49,10,01,7b,4a,b3,8d,fe,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(932)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
Completion time: 2012-05-25 15:50:00
ComboFix-quarantined-files.txt 2012-05-25 19:49
ComboFix2.txt 2012-05-25 06:57
.
Pre-Run: 869,933,793,280 bytes free
Post-Run: 869,982,265,344 bytes free
.
- - End Of File - - 41A3E659C0ED0BCFB3C31AC75505A22F

Thanks!
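
The log above is a ComboFix report, and its "Reg Loading Points", services, firewall and scheduled-task sections are the parts a responder reads first. The following is an added example, not part of this thread or of ComboFix: a small Python parser for those line shapes that turns them into one list of persistence and allow-list entries, then applies two illustrative triage rules. Both rules are assumptions chosen for illustration: a constructed watch-list of the two products the helper asks to remove later in the thread (Ask Toolbar, µTorrent), and a check for binaries living outside `c:\windows` and `c:\program files`, which on this XP box are the roots an unprivileged account cannot normally write to. A hit means "look at this", not "malicious"; the Battle.net agent it flags is a legitimate updater that happens to run from a user-writable profile directory. The sample log is a trimmed excerpt of the real lines above.

```python
"""Triage helper for ComboFix 'Reg Loading Points', service, firewall and task lines.
Added example, not part of the thread or of ComboFix. The watch-list and the
'outside system roots' heuristic are illustrative assumptions, not verdicts."""
import re
from dataclasses import dataclass


@dataclass
class Entry:
    kind: str   # run, toolbar, shellhook, bho, disabled, service, task, firewall
    name: str
    path: str


# Line shapes as they appear in the ComboFix log
KEY_RE = re.compile(r'^\[(?P<key>hk[^\]]+)\]$', re.I)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]+)"\s+\[')
FW_RE = re.compile(r'^"(?P<path>[^"]+)"=$')          # AuthorizedApplications\List lines
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$')
SVC_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[')
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2} (?P<job>c:\\windows\\tasks\\.+\.job)$', re.I)
TASK_TARGET_RE = re.compile(r'^- (?P<path>.+?) \[')
BIN_RE = re.compile(r'^(?P<bin>.+?\.(?:exe|dll|sys|cpl|scr))(?:\s|$)', re.I)

# Which registry key a quoted "name"="path" value belongs to
KIND_BY_KEY = (("\\run", "run"), ("\\toolbar", "toolbar"), ("\\shellexecutehooks", "shellhook"))
# Assumed: roots an unprivileged user normally cannot write to on this XP box
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "%windir%\\")
# Assumed watch-list: the two products the helper asks to remove later in the thread
WATCH_LIST = ("ask.com", "utorrent")


def parse(text):
    """Turn a log excerpt into Entry objects, tracking the current registry key."""
    entries, key, pending = [], "", None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key_raw = m.group("key")
            key = key_raw.lower()
            pending = None
            # BHO and msconfig 'startupreg' keys are followed by exactly one file line
            if "\\browser helper objects\\" in key:
                pending = ("bho", key_raw.rsplit("\\", 1)[1], FILE_RE)
            elif "\\startupreg\\" in key:
                pending = ("disabled", key_raw.rsplit("\\", 1)[1], FILE_RE)
            continue
        if pending:
            kind, name, rx = pending
            pending = None
            if (m := rx.match(line)):
                entries.append(Entry(kind, name, m.group("path")))
                continue
        if (m := TASK_RE.match(line)):
            pending = ("task", m.group("job"), TASK_TARGET_RE)   # target is on the next line
        elif (m := VALUE_RE.match(line)):
            kind = next((k for suffix, k in KIND_BY_KEY if key.endswith(suffix)), None)
            if kind:
                entries.append(Entry(kind, m.group("name"), m.group("path")))
        elif key.endswith("\\authorizedapplications\\list") and (m := FW_RE.match(line)):
            p = m.group("path").replace("\\\\", "\\")            # the log doubles backslashes
            entries.append(Entry("firewall", p.rsplit("\\", 1)[-1], p))
        elif (m := SVC_RE.match(line)):
            entries.append(Entry("service", m.group("name"), m.group("path")))
    return entries


def binary_of(path):
    """Strip svchost-style arguments ('...\\svchost.exe -k WINRM') and lower-case."""
    m = BIN_RE.match(path)
    return (m.group("bin") if m else path).lower()


def triage(entries, watch_list=WATCH_LIST):
    """Return (entry, reasons) for every entry that deserves a second look."""
    findings = []
    for e in entries:
        exe = binary_of(e.path)
        reasons = []
        if not exe.startswith(SYSTEM_ROOTS):
            reasons.append("binary lives outside the system/program-files roots")
        if any(w in exe for w in watch_list):
            reasons.append("matches watch-list")
        if reasons:
            findings.append((e, reasons))
    return findings


# Constructed excerpt of the log above (real lines, trimmed)
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 20:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-01-03 20:31 1391272 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.954\\Agent.exe"=
.
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [15/05/2012 12:22 PM 86224]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/2004 4:00 AM 14336]
.
2012-05-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 20:31]
"""

if __name__ == "__main__":
    for e, reasons in triage(parse(SAMPLE_LOG)):
        print(f"[{e.kind}] {e.name}: {e.path}  <- {'; '.join(reasons)}")
```

Run it on the excerpt and five entries come back: the Ask BHO, the msconfig-disabled Ask updater, the Ask scheduled task and µTorrent's firewall exception on the watch-list rule, and the Battle.net agent on the location rule. Everything under `c:\windows` or `c:\program files` that is not on the list (Avira, the ATI tray, the WinRM svchost group) stays quiet, which is the point of a first pass: shrink the log to the handful of lines worth opening.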

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
Posted 25 May 2012 - 04:19 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 GrandReaper

GrandReaper
  • Topic Starter

  • Members
  • 26 posts

Posted 25 May 2012 - 06:59 PM

7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.5
AMD Catalyst Install Manager
Ask Toolbar
µTorrent
Avira Free Antivirus
Barbie™ and the Magic of Pegasus™
Big Fish Games Client
Blood Bowl Legendary Edition version 2.0.0.0
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CutePDF Writer 2.8
Diablo III
EA Download Manager
EasyZip
Enchanted Fairy Friends
GamesBar 2.0.1.55
Garden Defense (remove only)
Ghost Pirates
GIMP 2.6.11
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Java Auto Updater
Java™ 6 Update 31
Jolly Rover
LeapFrog Connect
LeapFrog LeapPad Explorer Plugin
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mortimer Beckett and the Lost King Collectors Edition(remove only)
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
Mystery Case Files: Ravenhearst ®
Nancy Drew Message in a Haunted Mansion
Nero Suite
Picasa 3
PowerDVD
Realtek AC'97 Audio
Samantha Swift and the Hidden Roses of Athena
ScummVM 1.2.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Steam
The Sims Medieval
The Sims™ 3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
WebFldrs XP
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 MUI pack
Windows Search 4.0
Windows XP Service Pack 3
World of Warcraft
World of Warcraft Beta
Yahoo! Detect

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 May 2012 - 12:41 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 9.4.5
Ask Toolbar
µTorrent
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Information and logs

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had.
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 GrandReaper (Topic Starter, Members, 26 posts)

Posted 26 May 2012 - 11:04 PM

Hmmmm. Well, I was able to use Revo to uninstall all the programs you mentioned. I was NOT able to update Adobe OR Java OR install HijackThis -> the error message from HijackThis was a Windows Installer message:

"The system administrator has set policies to prevent this installation."

I believe the problems with Adobe and Java were the same message.

Here is the MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.26.06

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: HOME-326C25185E [administrator]

26/05/2012 11:36:09 PM
mbam-log-2012-05-26 (23-36-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206305
Time elapsed: 10 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks!
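When a helper has to triage many pasted MBAM logs like the one above, it helps to pull the summary fields out mechanically rather than by eye. The parser below is an added example, not part of this thread or of Malwarebytes' own tooling; it works on a constructed excerpt of the log pasted above and flags whether the scan ran in Safe Mode, since that is the condition the replies go on to ask about.

```python
import re

# Constructed excerpt of the MBAM log pasted in post #13 above (summary lines only).
SAMPLE_LOG = """Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.26.06

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702

Scan type: Quick scan
Objects scanned: 206305
Time elapsed: 10 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

# "<Category> Detected: <count>" lines, one per MBAM scan category.
DETECTED_RE = re.compile(r"^(?P<category>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Header fields worth keeping for triage.
FIELD_RE = re.compile(r"^(Database version|Scan type|Objects scanned): (.+)$")


def parse_mbam_log(text):
    """Return a summary dict: per-category counts, total, header fields, Safe Mode flag."""
    summary = {"detections": {}, "safe_mode": False}
    for raw in text.splitlines():
        line = raw.strip()
        m = DETECTED_RE.match(line)
        if m:
            summary["detections"][m.group("category")] = int(m.group("count"))
            continue
        m = FIELD_RE.match(line)
        if m:
            key = m.group(1).lower().replace(" ", "_")
            value = m.group(2)
            summary[key] = int(value) if value.isdigit() else value
            continue
        # The OS line carries "(Safe Mode...)" when the scan was run in Safe Mode.
        if "(Safe Mode" in line:
            summary["safe_mode"] = True
    summary["total_detected"] = sum(summary["detections"].values())
    return summary
```

For the log above this reports no detections, a quick scan of 206305 objects, and that the scan ran in Safe Mode with Networking.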

#14 GrandReaper (Topic Starter, Members, 26 posts)

Posted 26 May 2012 - 11:06 PM

I made an error. The message given by Adobe was a little different. It mentioned that being in Safe Mode might be the problem. I can run the installers again if you want the precise messages.

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 27 May 2012 - 07:50 AM

Are you able to do them in normal mode?


gringo
